b703df1dc4a96617233ad21bf961741093eca1a924efd08c4c0559bc71175e49

Analysis

max time kernel
120s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aade230760e5a39c2d7ad0b42e6515a0N.exe
Size

468KB
MD5

aade230760e5a39c2d7ad0b42e6515a0
SHA1

fab34872bb8bec1e989c2f7aac9962307a453b6d
SHA256

b703df1dc4a96617233ad21bf961741093eca1a924efd08c4c0559bc71175e49
SHA512

6bee51b2049450fb2cb2c50a047781ca22c2f1240c3b4a0fb249868f73960869dfcb5b773f8b6dab84cdf4345c52d371c1a02487abc10d67c333df9ab630dd61
SSDEEP

3072:dFCIogIujq8U2bY9Pz3yqf8/oChjyIplP4HxpTHWZt8+4zfNEql9:dFZocTU2+PDyqfz0WIZt7afNE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2992	Unicorn-53320.exe
868	Unicorn-39890.exe
4420	Unicorn-58919.exe
1792	Unicorn-39096.exe
2164	Unicorn-4285.exe
2960	Unicorn-41134.exe
4524	Unicorn-49957.exe
3528	Unicorn-55022.exe
3292	Unicorn-47601.exe
1356	Unicorn-63382.exe
1252	Unicorn-20958.exe
1640	Unicorn-36740.exe
1644	Unicorn-6013.exe
1896	Unicorn-12135.exe
680	Unicorn-18000.exe
688	Unicorn-33772.exe
3744	Unicorn-34134.exe
1488	Unicorn-11021.exe
4352	Unicorn-62479.exe
1960	Unicorn-30072.exe
3304	Unicorn-18374.exe
3316	Unicorn-46408.exe
232	Unicorn-5467.exe
2756	Unicorn-50300.exe
1332	Unicorn-19574.exe
4448	Unicorn-56422.exe
2472	Unicorn-38602.exe
3516	Unicorn-49538.exe
2480	Unicorn-51068.exe
2968	Unicorn-20896.exe
4052	Unicorn-36678.exe
4376	Unicorn-42800.exe
628	Unicorn-45422.exe
1564	Unicorn-53782.exe
1728	Unicorn-33916.exe
1012	Unicorn-53020.exe
3200	Unicorn-31586.exe
1288	Unicorn-31586.exe
2232	Unicorn-53490.exe
1224	Unicorn-10419.exe
1376	Unicorn-33554.exe
1160	Unicorn-41722.exe
4820	Unicorn-35592.exe
2284	Unicorn-30024.exe
3632	Unicorn-46553.exe
3972	Unicorn-60004.exe
1396	Unicorn-41530.exe
552	Unicorn-49433.exe
3964	Unicorn-19164.exe
2304	Unicorn-41530.exe
4216	Unicorn-25748.exe
3224	Unicorn-17117.exe
1812	Unicorn-58058.exe
4844	Unicorn-31151.exe
3328	Unicorn-40760.exe
2724	Unicorn-46361.exe
3548	Unicorn-37830.exe
5084	Unicorn-46745.exe
3300	Unicorn-13325.exe
428	Unicorn-52796.exe
820	Unicorn-41098.exe
1868	Unicorn-24107.exe
3284	Unicorn-29973.exe
3236	Unicorn-60964.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
6988	4820	WerFault.exe	138
9464	5164	WerFault.exe	175
10208	8156	WerFault.exe	338
10220	7916	WerFault.exe	327
13144	7160	WerFault.exe	249
13240	7932	WerFault.exe	329
15292	13680	WerFault.exe	654
6640	14608	WerFault.exe	711
17192	15884	WerFault.exe	913
17224	7836	WerFault.exe	980
17344	10188	WerFault.exe	984
18212	2180	Process not Found	759

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17902.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58729.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4048	dwm.exe
Token: SeChangeNotifyPrivilege	4048	dwm.exe
Token: 33	4048	dwm.exe
Token: SeIncBasePriorityPrivilege	4048	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5020	aade230760e5a39c2d7ad0b42e6515a0N.exe
2992	Unicorn-53320.exe
868	Unicorn-39890.exe
4420	Unicorn-58919.exe
1792	Unicorn-39096.exe
2164	Unicorn-4285.exe
2960	Unicorn-41134.exe
4524	Unicorn-49957.exe
3528	Unicorn-55022.exe
1896	Unicorn-12135.exe
1252	Unicorn-20958.exe
1356	Unicorn-63382.exe
1644	Unicorn-6013.exe
3292	Unicorn-47601.exe
1640	Unicorn-36740.exe
680	Unicorn-18000.exe
688	Unicorn-33772.exe
3744	Unicorn-34134.exe
1488	Unicorn-11021.exe
4352	Unicorn-62479.exe
3304	Unicorn-18374.exe
1960	Unicorn-30072.exe
3316	Unicorn-46408.exe
232	Unicorn-5467.exe
2756	Unicorn-50300.exe
2472	Unicorn-38602.exe
3516	Unicorn-49538.exe
1332	Unicorn-19574.exe
4448	Unicorn-56422.exe
2480	Unicorn-51068.exe
4052	Unicorn-36678.exe
4376	Unicorn-42800.exe
2968	Unicorn-20896.exe
628	Unicorn-45422.exe
1728	Unicorn-33916.exe
1564	Unicorn-53782.exe
1012	Unicorn-53020.exe
3200	Unicorn-31586.exe
2232	Unicorn-53490.exe
1288	Unicorn-31586.exe
1224	Unicorn-10419.exe
1376	Unicorn-33554.exe
1160	Unicorn-41722.exe
2284	Unicorn-30024.exe
3632	Unicorn-46553.exe
1396	Unicorn-41530.exe
3972	Unicorn-60004.exe
3964	Unicorn-19164.exe
4844	Unicorn-31151.exe
1812	Unicorn-58058.exe
3224	Unicorn-17117.exe
3328	Unicorn-40760.exe
552	Unicorn-49433.exe
2304	Unicorn-41530.exe
4216	Unicorn-25748.exe
2724	Unicorn-46361.exe
3548	Unicorn-37830.exe
428	Unicorn-52796.exe
3300	Unicorn-13325.exe
5084	Unicorn-46745.exe
3236	Unicorn-60964.exe
820	Unicorn-41098.exe
3284	Unicorn-29973.exe
4984	Unicorn-40544.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 2992	5020	aade230760e5a39c2d7ad0b42e6515a0N.exe	89
PID 5020 wrote to memory of 2992	5020	aade230760e5a39c2d7ad0b42e6515a0N.exe	89
PID 5020 wrote to memory of 2992	5020	aade230760e5a39c2d7ad0b42e6515a0N.exe	89
PID 2992 wrote to memory of 868	2992	Unicorn-53320.exe	94
PID 2992 wrote to memory of 868	2992	Unicorn-53320.exe	94
PID 2992 wrote to memory of 868	2992	Unicorn-53320.exe	94
PID 5020 wrote to memory of 4420	5020	aade230760e5a39c2d7ad0b42e6515a0N.exe	95
PID 5020 wrote to memory of 4420	5020	aade230760e5a39c2d7ad0b42e6515a0N.exe	95
PID 5020 wrote to memory of 4420	5020	aade230760e5a39c2d7ad0b42e6515a0N.exe	95
PID 868 wrote to memory of 1792	868	Unicorn-39890.exe	97
PID 868 wrote to memory of 1792	868	Unicorn-39890.exe	97
PID 868 wrote to memory of 1792	868	Unicorn-39890.exe	97
PID 4420 wrote to memory of 2164	4420	Unicorn-58919.exe	98
PID 4420 wrote to memory of 2164	4420	Unicorn-58919.exe	98
PID 4420 wrote to memory of 2164	4420	Unicorn-58919.exe	98
PID 2992 wrote to memory of 4524	2992	Unicorn-53320.exe	99
PID 2992 wrote to memory of 4524	2992	Unicorn-53320.exe	99
PID 2992 wrote to memory of 4524	2992	Unicorn-53320.exe	99
PID 5020 wrote to memory of 2960	5020	aade230760e5a39c2d7ad0b42e6515a0N.exe	100
PID 5020 wrote to memory of 2960	5020	aade230760e5a39c2d7ad0b42e6515a0N.exe	100
PID 5020 wrote to memory of 2960	5020	aade230760e5a39c2d7ad0b42e6515a0N.exe	100
PID 2164 wrote to memory of 3528	2164	Unicorn-4285.exe	103
PID 2164 wrote to memory of 3528	2164	Unicorn-4285.exe	103
PID 2164 wrote to memory of 3528	2164	Unicorn-4285.exe	103
PID 4420 wrote to memory of 3292	4420	Unicorn-58919.exe	104
PID 4420 wrote to memory of 3292	4420	Unicorn-58919.exe	104
PID 4420 wrote to memory of 3292	4420	Unicorn-58919.exe	104
PID 1792 wrote to memory of 1356	1792	Unicorn-39096.exe	105
PID 1792 wrote to memory of 1356	1792	Unicorn-39096.exe	105
PID 1792 wrote to memory of 1356	1792	Unicorn-39096.exe	105
PID 868 wrote to memory of 1252	868	Unicorn-39890.exe	106
PID 868 wrote to memory of 1252	868	Unicorn-39890.exe	106
PID 868 wrote to memory of 1252	868	Unicorn-39890.exe	106
PID 2960 wrote to memory of 1640	2960	Unicorn-41134.exe	107
PID 2960 wrote to memory of 1640	2960	Unicorn-41134.exe	107
PID 2960 wrote to memory of 1640	2960	Unicorn-41134.exe	107
PID 4524 wrote to memory of 1644	4524	Unicorn-49957.exe	108
PID 4524 wrote to memory of 1644	4524	Unicorn-49957.exe	108
PID 4524 wrote to memory of 1644	4524	Unicorn-49957.exe	108
PID 5020 wrote to memory of 680	5020	aade230760e5a39c2d7ad0b42e6515a0N.exe	109
PID 5020 wrote to memory of 680	5020	aade230760e5a39c2d7ad0b42e6515a0N.exe	109
PID 5020 wrote to memory of 680	5020	aade230760e5a39c2d7ad0b42e6515a0N.exe	109
PID 2992 wrote to memory of 1896	2992	Unicorn-53320.exe	110
PID 2992 wrote to memory of 1896	2992	Unicorn-53320.exe	110
PID 2992 wrote to memory of 1896	2992	Unicorn-53320.exe	110
PID 3528 wrote to memory of 688	3528	Unicorn-55022.exe	111
PID 3528 wrote to memory of 688	3528	Unicorn-55022.exe	111
PID 3528 wrote to memory of 688	3528	Unicorn-55022.exe	111
PID 2164 wrote to memory of 3744	2164	Unicorn-4285.exe	112
PID 2164 wrote to memory of 3744	2164	Unicorn-4285.exe	112
PID 2164 wrote to memory of 3744	2164	Unicorn-4285.exe	112
PID 1896 wrote to memory of 1488	1896	Unicorn-12135.exe	113
PID 1896 wrote to memory of 1488	1896	Unicorn-12135.exe	113
PID 1896 wrote to memory of 1488	1896	Unicorn-12135.exe	113
PID 2992 wrote to memory of 4352	2992	Unicorn-53320.exe	114
PID 2992 wrote to memory of 4352	2992	Unicorn-53320.exe	114
PID 2992 wrote to memory of 4352	2992	Unicorn-53320.exe	114
PID 1640 wrote to memory of 1960	1640	Unicorn-36740.exe	115
PID 1640 wrote to memory of 1960	1640	Unicorn-36740.exe	115
PID 1640 wrote to memory of 1960	1640	Unicorn-36740.exe	115
PID 2960 wrote to memory of 3304	2960	Unicorn-41134.exe	116
PID 2960 wrote to memory of 3304	2960	Unicorn-41134.exe	116
PID 2960 wrote to memory of 3304	2960	Unicorn-41134.exe	116
PID 1252 wrote to memory of 3316	1252	Unicorn-20958.exe	117

C:\Users\Admin\AppData\Local\Temp\aade230760e5a39c2d7ad0b42e6515a0N.exe
"C:\Users\Admin\AppData\Local\Temp\aade230760e5a39c2d7ad0b42e6515a0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        9⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        10⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        11⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
        11⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        10⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
        10⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        9⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
        9⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        9⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 412
        10⤵
        Program crash
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        8⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        9⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        9⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4445.exe
        8⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
        9⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        9⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        8⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        8⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37590.exe
        7⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        9⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20794.exe
        10⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
        10⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17544.exe
        9⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        9⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        8⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        8⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43688.exe
        8⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        7⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        8⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42212.exe
        9⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        8⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        8⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        7⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        7⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25748.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
        8⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        9⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        9⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        9⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        8⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        8⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23459.exe
        8⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        7⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        7⤵
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        8⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        8⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        7⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        6⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20794.exe
        7⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
        7⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        6⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17650.exe
        6⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        8⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22178.exe
        8⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        8⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        7⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        7⤵
        
        PID:15864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46832.exe
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        7⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37846.exe
        7⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        6⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        7⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        6⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52308.exe
        6⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
        6⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        7⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10102.exe
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
        7⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        6⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe
        7⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        7⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62429.exe
        6⤵
        
        PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        7⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        7⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
        6⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        6⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        5⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        6⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        6⤵
        
        PID:12460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        6⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4863.exe
        5⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58262.exe
        5⤵
        
        PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        7⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        8⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        9⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        9⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19769.exe
        8⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        8⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        8⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
        7⤵
        
        PID:15672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        8⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        8⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        7⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        6⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        7⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        7⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe
        6⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        8⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        9⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        9⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26362.exe
        9⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        8⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        8⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
        8⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        7⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        7⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe
        8⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9923.exe
        8⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        7⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        6⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        6⤵
        
        PID:17848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        7⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        7⤵
        
        PID:16200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
        6⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        7⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
        7⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        6⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        5⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35874.exe
        6⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        6⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48734.exe
        5⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
        5⤵
        
        PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        8⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        8⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
        8⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        7⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        7⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        7⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        6⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20794.exe
        7⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        7⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe
        6⤵
        
        PID:14284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
        6⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56641.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        7⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52326.exe
        7⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        6⤵
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        6⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        6⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        6⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe
        5⤵
        
        PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        6⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54069.exe
        6⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51099.exe
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49179.exe
        5⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42009.exe
        5⤵
        
        PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
      4⤵
      PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe
        6⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        7⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
        6⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52045.exe
        5⤵
        
        PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        5⤵
        
        PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13620.exe
      4⤵
      PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        5⤵
        
        PID:11088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
      4⤵
      PID:10368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
      4⤵
      PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
      4⤵
      PID:10712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        8⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
        9⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        9⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28280.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
        8⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        8⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51534.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        7⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        8⤵
        
        PID:17696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        7⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        7⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        7⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        6⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        8⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        8⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        7⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        7⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        7⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        6⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        7⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5012.exe
        7⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
        7⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        6⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
        6⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        7⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42671.exe
        7⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
        6⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        6⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        6⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        6⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        6⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24587.exe
        5⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
        5⤵
        
        PID:10024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22454.exe
        5⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        7⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        7⤵
        
        PID:17872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15755.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        6⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33096.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
        6⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40330.exe
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        5⤵
        
        PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20242.exe
      4⤵
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        6⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
        6⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        5⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
        5⤵
        
        PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
      4⤵
      PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17544.exe
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        5⤵
        
        PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
      4⤵
      PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54464.exe
        5⤵
        
        PID:11168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
      4⤵
      PID:13036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40544.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
        8⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        9⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25374.exe
        9⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        8⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        7⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8541.exe
        8⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
        8⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        7⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        7⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        6⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        7⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        6⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32738.exe
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        7⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        7⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        6⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3690.exe
        6⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25835.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        6⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        7⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        6⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
        6⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47539.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        5⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
        5⤵
        
        PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe
        5⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        6⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        7⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61970.exe
        7⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44763.exe
        6⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        7⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        6⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        6⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        6⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16969.exe
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        5⤵
        
        PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52696.exe
      4⤵
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        5⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        6⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
        6⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        5⤵
        
        PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        5⤵
        
        PID:17592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        5⤵
        
        PID:7932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 460
        6⤵
        Program crash
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        5⤵
        
        PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
      4⤵
      PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        5⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        5⤵
        
        PID:9884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
      4⤵
      PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
      4⤵
      PID:16324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53782.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        5⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
        8⤵
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
        7⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
        6⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        6⤵
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
        7⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        7⤵
        
        PID:16272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        6⤵
        
        PID:17340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
        5⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
        6⤵
        
        PID:14412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
        6⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        6⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38231.exe
        5⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        5⤵
        
        PID:11192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
      4⤵
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
        6⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 488
        7⤵
        Program crash
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37296.exe
        6⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
        5⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        6⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
        5⤵
        
        PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        6⤵
        
        PID:10868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        6⤵
        
        PID:13948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50599.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        5⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
        5⤵
        
        PID:7368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
      4⤵
      PID:8568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
      4⤵
      PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28533.exe
      4⤵
      PID:15548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18233.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        6⤵
        
        PID:16328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44763.exe
        5⤵
        
        PID:9472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        5⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        5⤵
        
        PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35552.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        5⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64835.exe
      4⤵
      PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
      4⤵
      PID:13304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
      4⤵
      PID:16248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
    3⤵
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26128.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        5⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
        6⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        6⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        5⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
        5⤵
        
        PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51099.exe
      4⤵
      PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54464.exe
        5⤵
        
        PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
      4⤵
      PID:13664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
      4⤵
      PID:8244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
    3⤵
    PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22366.exe
      4⤵
      PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        5⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        5⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
        5⤵
        
        PID:17616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
      4⤵
      PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
      4⤵
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
      4⤵
      PID:17784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
    3⤵
    PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
      4⤵
      PID:15228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63789.exe
    3⤵
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
    3⤵
    PID:14708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
    3⤵
    PID:13796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        8⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
        9⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        10⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        10⤵
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        10⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        9⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        9⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        9⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
        8⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37514.exe
        9⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        9⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        8⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        8⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        8⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        7⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        8⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        9⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        8⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
        8⤵
        
        PID:17828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
        7⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38650.exe
        9⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        9⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        9⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
        8⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
        8⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        8⤵
        
        PID:14608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14608 -s 440
        9⤵
        Program crash
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        8⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
        7⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
        7⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        7⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25067.exe
        6⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8961.exe
        7⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        8⤵
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        8⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        7⤵
        
        PID:15412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        6⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        7⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
        7⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        8⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
        9⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        9⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        8⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        8⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5822.exe
        8⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        7⤵
        
        PID:13680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13680 -s 464
        8⤵
        Program crash
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30133.exe
        7⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        7⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        7⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        7⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        6⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        7⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8707.exe
        7⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28183.exe
        6⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        6⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        6⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        8⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
        8⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29525.exe
        7⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
        7⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        7⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53604.exe
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
        6⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33824.exe
        6⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
        6⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        6⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        6⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        5⤵
        
        PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        9⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        9⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe
        8⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        8⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15551.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2511.exe
        8⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40009.exe
        8⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
        7⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe
        7⤵
        
        PID:15828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11332.exe
        6⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        8⤵
        
        PID:17884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15624.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        7⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        7⤵
        
        PID:15468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41700.exe
        6⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        7⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        7⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        6⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
        8⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        8⤵
        
        PID:17200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        7⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
        7⤵
        
        PID:17760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        6⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        6⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        6⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47690.exe
        7⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        7⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        6⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        6⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        5⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
        6⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        6⤵
        
        PID:16056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        5⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42914.exe
        6⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        5⤵
        
        PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        6⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
        7⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
        8⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        9⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        8⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        7⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        7⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        7⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26018.exe
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
        7⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        7⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        6⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16720.exe
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35568.exe
        7⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42479.exe
        7⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe
        6⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        6⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        5⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37844.exe
        6⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        5⤵
        
        PID:15668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        5⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        6⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22972.exe
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
        6⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe
        5⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        5⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        5⤵
        
        PID:16276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
        5⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18120.exe
        5⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        5⤵
        
        PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
      4⤵
      PID:8692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
      4⤵
      PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31698.exe
      4⤵
      PID:10576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        6⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
        7⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
        7⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        6⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53952.exe
        5⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
        6⤵
        
        PID:15884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15884 -s 408
        7⤵
        Program crash
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17902.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38380.exe
        5⤵
        
        PID:17164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20215.exe
      4⤵
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        5⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46515.exe
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        5⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        6⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
        5⤵
        
        PID:17668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
        5⤵
        
        PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        5⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
        5⤵
        
        PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
      4⤵
      PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
      4⤵
      PID:8444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31006.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        7⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4980.exe
        8⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60715.exe
        7⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14715.exe
        7⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        7⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42212.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        6⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        6⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        6⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21383.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe
        5⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
        5⤵
        
        PID:15292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
        5⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
        5⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
        5⤵
        
        PID:17676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
      4⤵
      PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        5⤵
        
        PID:10648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
      4⤵
      PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
      4⤵
      PID:15116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6423.exe
      4⤵
      PID:5412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37036.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        5⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47690.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        6⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
        5⤵
        
        PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
      4⤵
      PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
      4⤵
      PID:13440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
      4⤵
      PID:16136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
    3⤵
    PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
        5⤵
        
        PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe
      4⤵
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5763.exe
      4⤵
      PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
      4⤵
      PID:10188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 408
        5⤵
        Program crash
        
        PID:17344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
    3⤵
    PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
      4⤵
      PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58548.exe
      4⤵
      PID:11296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
    3⤵
    PID:9492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
    3⤵
    PID:14412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
    3⤵
    PID:7660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
        6⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        8⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        8⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        7⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        7⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
        6⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
        7⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        7⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        6⤵
        
        PID:17412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43428.exe
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        7⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        8⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        8⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
        7⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        7⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46823.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        7⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        6⤵
        
        PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
        6⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34235.exe
        7⤵
        
        PID:17568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        6⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47580.exe
        6⤵
        
        PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        5⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
        5⤵
        
        PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        6⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
        7⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
        7⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe
        5⤵
        
        PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
        6⤵
        
        PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        5⤵
        
        PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
      4⤵
      PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
      4⤵
      PID:11840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe
      4⤵
      PID:16076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        5⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
        8⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
        7⤵
        
        PID:17836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26594.exe
        6⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        6⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        6⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 492
        7⤵
        Program crash
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        6⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        6⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        6⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
        5⤵
        
        PID:16072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36106.exe
        6⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        7⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        6⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        6⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
        6⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        5⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        6⤵
        
        PID:17656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4217.exe
        5⤵
        
        PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
      4⤵
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
        5⤵
        
        PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
      4⤵
      PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
      4⤵
      PID:14180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
      4⤵
      PID:16748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
    3⤵
    - Executes dropped EXE
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        6⤵
        
        PID:8936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 616
        6⤵
        Program crash
        
        PID:13144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 752
        5⤵
        Program crash
        
        PID:9464
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 740
      4⤵
      Program crash
      PID:6988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
    3⤵
    PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        5⤵
        
        PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
      4⤵
      PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21318.exe
      4⤵
      PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
      4⤵
      PID:11908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1183.exe
    3⤵
    PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23300.exe
      4⤵
      PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        5⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
        5⤵
        
        PID:9624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
      4⤵
      PID:13056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
      4⤵
      PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
      4⤵
      PID:10424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
    3⤵
    PID:9924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
    3⤵
    PID:12052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58262.exe
    3⤵
    PID:4044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
        5⤵
        
        PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
      4⤵
      PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        5⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        5⤵
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
      4⤵
      PID:12804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe
      4⤵
      PID:9260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
    3⤵
    PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
      4⤵
      PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        5⤵
        
        PID:9636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
      4⤵
      PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
      4⤵
      PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
      4⤵
      PID:17816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
    3⤵
    PID:8304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
    3⤵
    PID:11684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
    3⤵
    PID:15656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
      4⤵
      PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
        6⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        5⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        5⤵
        
        PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
      4⤵
      PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        5⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        5⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
      4⤵
      PID:9716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
      4⤵
      PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
      4⤵
      PID:11144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
    3⤵
    PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        5⤵
        
        PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        5⤵
        
        PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
      4⤵
      PID:9460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
      4⤵
      PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
    3⤵
    PID:8856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
      4⤵
      PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
      4⤵
      PID:17480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
    3⤵
    PID:12056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
    3⤵
    PID:6328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
      4⤵
      PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
        5⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
        5⤵
        
        PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
      4⤵
      PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
      4⤵
      PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
      4⤵
      PID:16344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
    3⤵
    PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
      4⤵
      PID:14600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
      4⤵
      PID:8696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
    3⤵
    PID:13672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
    3⤵
    PID:16048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2569.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2569.exe
  2⤵
  PID:5984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exe
    3⤵
    PID:8948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
    3⤵
    PID:12036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
    3⤵
    PID:388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
    3⤵
    PID:17328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41033.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41033.exe
  2⤵
  PID:8364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
    3⤵
    PID:14468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:17156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
  2⤵
  PID:11600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
  2⤵
  PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4820 -ip 4820
1⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5164 -ip 5164
1⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 8156 -ip 8156
1⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7916 -ip 7916
1⤵
PID:10072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7160 -ip 7160
1⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 7932 -ip 7932
1⤵
PID:12976

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 15884 -ip 15884
1⤵
PID:17092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7836 -ip 7836
1⤵
PID:17176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 10188 -ip 10188
1⤵
PID:17264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe

Filesize
468KB

MD5
1b4c95a6aa8af6728d1be0de9bbdf9b4

SHA1
b5dbd1a5b0121b5cf8483d6e76f39291acccaf78

SHA256
fad39ed9f399f91dd7995e72a8314a5d56773c1b95cb5503ceb9cc595a16b17f

SHA512
4a0868f8c5d8c904c079038e8ec998e8ddf831f5011d1a086b7582307d3d005b28a5142f6ebe70d3c26ad197707b657dfe5b38560d14a860e4c84c16dc09f284

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe

Filesize
468KB

MD5
3788ba2da712cbc4f15beab3772c6642

SHA1
8baf29e3d95cb3f91c474c5b0012a37e11cb53d5

SHA256
a602b7a5b40d9005ea5eca6517fae024f0c431b72907d389427a4a20fe0dffe3

SHA512
d7758fbeb45b320b8a544730413d37193ff28883c07c10c93d359b818742dce6207249a7adec718c10c64cefe93a2a78380e6ae5f3337c8a72e20104290e23aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe

Filesize
468KB

MD5
0a1a1bc941417c933e5e5e14c3064216

SHA1
95c1a6cbbf4132d40c18ce65bbe941bf26c863db

SHA256
fd8424967ff6e21050005aaa702c9d64351cc098b562d0a1274821e9cd4de0ba

SHA512
860d638c35bcbe68f29309206245468993f15b31be12d30658718b58ac2708d69cd40a7f43d5450ded8eeb6eb0f3afa5d9cdbb2d607e2c0bc04e9e191b6226ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe

Filesize
468KB

MD5
682533d3d9e3e53f61c887a987a511bc

SHA1
9da95f8fdd384f84c3f896d76e6f31b3187d6d6b

SHA256
c5ca2ea3087b6b99c499927dff74df1502413281191964ecd8c491fa1bedfcc3

SHA512
957464b6a5b0d50306b1fb7214661063f1e328feedac9520fe802ce7e987575fd24c9c8b8ea26e09a2e064c0b9b703db887b980321de27746925497ae15a48c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe

Filesize
468KB

MD5
c77e89edf863223a4f373d028ecb2f3f

SHA1
0050bc6c1ccd818b305626418661a272de2d0ebc

SHA256
b2040de5b4665bfa28e4ab6c021c971bedce206e6508bfcf2002f378041a3901

SHA512
e67a9bb1604548d946b328cb17246373dc530c8d0c5aa7bcecc25cdbf3debea1db03a9a595d31e6ee2c6a4ea117ddf5d835f308bd3a9b92ad8d53e7df3d9e2f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe

Filesize
468KB

MD5
3c2841afde9df554eff6c852abb7f425

SHA1
50bea7fe653728fb18db0ffc64c0e8de87ce0951

SHA256
5c195ed20c6e8c920d394cb86686afbc581bf68dc430c1d292226a3b1c51bdd9

SHA512
8c54ff2b72ea3f874f44d4a44b58565194e0f26b608b863f4c0b00d0889b2b8a8d29d902598056ff9443ec15307d4288b64cab4fed1f987e0edfd55d33022045

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe

Filesize
468KB

MD5
002a74a35fbc9bc01fd2bbf32ecbf664

SHA1
4276df9116e2d70a1b42d3c316e4072845601d50

SHA256
e05fb1e0e060e02fba4e5797020af5a5b6acd494d3e188be85ef73f87e6dc97d

SHA512
24d48a7f3e49c500e6161f5b3552923aea3ec68b909dd3cfddc0e95e8b1e281728a62fe90b687ede0cb680d9d7c3eeca7a072d92aa635265b539cfd8fefb5619

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe

Filesize
468KB

MD5
61934befc8728b5acc9a0b9e32eae422

SHA1
378d310521233a1caf88476763c862642df85d82

SHA256
8f882c64aa975f0b48bd8e5a224c7a79e0037ab4b043de440efe4cdd7d0a95b7

SHA512
529f372ef196c547853ad46ec53b8b3e47601890d1920cf04b33b2c718629807e3476fcae2ad93528952d76380fff3cfeacf84b2ab97d75b22df487697620b3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe

Filesize
468KB

MD5
f0898fc8e91826b959774f4f1f9f96c7

SHA1
b110c3be38686a2388e69e2cebe9c0cb8aa867c9

SHA256
0e67c2f8313fd0ab7c2a043ec89b85e5d35575402a95f64b4ca148846b2c85a2

SHA512
349e60fbb768f4944732664d23d109beb9513997c93f976005a9d3fdf80b6b62dcf96de2b6b5837613203031199bccc3df212474501acf87a356848e989583c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe

Filesize
468KB

MD5
65bb75b5908eba3e34ffc057b023d147

SHA1
9ef504da0c5236d04679b517ac5a00b4700798c9

SHA256
08ea7865134abf846a96f3b7c98e2e96650b9305519b37eb9edc63e3edd7c1f7

SHA512
0655527c7ce0402b03f560a11d01e19f6ac01e0dc916b33c976e7c4b2644251357f29c4b89e52fffe885b1a1eabbdcc5e334e4c8087f848594f22177f596a1bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe

Filesize
468KB

MD5
420973409e9d0e16187ba41edd85755c

SHA1
9c9462cc97ced0794c408a8786fc58ac4d09b239

SHA256
1fe3f63ee70dad0f9d45c572b196e9fbb72e4aa8fdbffadf6b81e49aea788925

SHA512
132676a37a868d417248ccc79c5bc7454e684ce2c1148f4ef228605d88f0788328c3bd5d5910ea5d7eadc2ca00745d3e145c911c5a134388fe45dc3ad305e393

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe

Filesize
468KB

MD5
739d6b8d909d75d6813dd6def5b1d0c9

SHA1
5168980c038e9cf72203100097875484395eb362

SHA256
ecca11b83d584e428276251c536fb9cc1636c6933aa8fa763e4d20f76bb4a101

SHA512
d05327d1a05f1b1692c2e2a028074ae5d58380dabb6b78ef3637bdbdb9d0b2dcfdc5c7517b757a9013d48d6920d8523dde57aeeb3bff31e176f953f29818be83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe

Filesize
468KB

MD5
bedd7a1416d1b0668f507b12f22a7ef1

SHA1
407fbb71f68d62cf24b250077292fc99c96573fb

SHA256
c3ecee9deec6aa30f9aec1dd815e23aeab513bd3c09221848cd7f3130d437f56

SHA512
8a5c03e70fac748f04dea1446d8a23846a94de35bdcdbc045ff0889ae5d7b94b707bde424e840f67aff64e41fa39a2c8a96f7946be4c53b5f63217b816a0d14f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe

Filesize
468KB

MD5
9cff7da011f4719911b48cfa0b2a34a6

SHA1
1676e57b1ccd305d785813617d0570e6f29f5978

SHA256
480fd546332aad3722e460c001440283567801b12608a2abfc7bc460e70f6df7

SHA512
f5d810aac4b327cad58b84e9dc19ef2f5eb38f3ca7b841e74f5cc134c4c2726524c72155166685fa9d924dc22316a9c32835fc7152840307d341960533557000

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exe

Filesize
468KB

MD5
317dfce69595082d461c985d04c4aa6e

SHA1
33f60f90161ffef236745b11f669aee4e68d9191

SHA256
aa41dd4fa558e8d84e7087558d7e6d7b76a7231227fd9d09547596e44ff081dc

SHA512
dfef42fb6ab98450158114bac013da3c24e69f39dc886afcc392fce46c74b18271053a7b1104de0569d7e13bd8ace1f92c27c7525ddcb9b9cae908042eade394

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe

Filesize
468KB

MD5
62ba129934a3610e88865aebe7352c4b

SHA1
907a1a581a8f9f921e9207fc894ebc4bd07916dd

SHA256
9bde5e115220ffe2202088ee0af31786fbbc2432736b44ca6479b6b7f9197de5

SHA512
9a4e3956b1cb5c1f064122b67f3029ab137eb8538d35a8e7ca9cda3bc6b2cc085944fc0a93840d12849205323bb5c602391c5e8f80d4917e72a4eaa033a76f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe

Filesize
468KB

MD5
00fde1cc66ca1a57e26b0bcc2198bda1

SHA1
7381e5680b82f22d4ff02fd454c3a488e19472ed

SHA256
7a8a171f9bd849e9a2d78e787e859540c443f28a4cd6457841572b9eec61b6f7

SHA512
018b4a5b79caf077c39176d5e9d872a1cfd9e7fbed1f8fa230a6b46f490473705eb6803e6ba439930f642b9859aad8df01a5c278ebe599a64e1a94f4a07eebfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe

Filesize
468KB

MD5
4fe0db8a633474bd5bfe3e18ca4bb51e

SHA1
2c30191fbb5c71fac72826eeabf605e408075696

SHA256
71e2e9456b1105a4bc5220c7b89327a6d37b133bf8ed233dade15e891f0c2691

SHA512
88f5839646ed50f6cd9e4ccb910b44f1b9ec045f2ff758b279fd6cdc55a65945776f9818175201817d4f09d63b045be818b00db2f79241352fbff956836a4e04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe

Filesize
468KB

MD5
77792b4620f84d7edcb9e91205efaddc

SHA1
e10103a914396e7c9c87ff9719232e4ac27a929f

SHA256
f91877d1bc37745edc4d5f5a713da991c2277a3ea1f0c4fa5c5dda11ab7ad4ed

SHA512
75c7d9c3043f597845bb2e13ede26d53628314b40ef8d425b8c94801bdcdf01bfc6c88d21f6fb303e1e793caf4ce9b3283a23597acb4482047e55dcd86c6f58c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe

Filesize
468KB

MD5
7650e79f474b09232997d6498b8c7eb4

SHA1
5294d80901988b7e497806e8cc183cb7db6838ae

SHA256
96815231336cd3ba91d3f902f9706b6c7817ae960f58b8b0d9c2aa5ae459f8b1

SHA512
2677637e3596ea2435ae31d12de2495bda9cf1ec2e04dbb7844cb75e216a88bfa0c853a0fea7f89865b282e27d64648c23b8284894d68fc1ce7f582ed4c85f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe

Filesize
468KB

MD5
0a59926a83f7e555cc3f9578fc4c6812

SHA1
2dbc053bbb365125e3ebccb9a2d09e1bebc67b21

SHA256
6aedab32342dbf3868df70a74729409b6da8637dfabd4020b3cc39f2195debd0

SHA512
fc7d9b640cdd24636769c984298982796cf82e8162cc1f744f086227e1a89b34afcbef000a46765740368d22274941c66f4fff18847c271655bcd0ac324697b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe

Filesize
468KB

MD5
08f7eaae62aaf0f89940aade9f2e0ae7

SHA1
d54b853170295fb1faf9a1c759134b5b14469980

SHA256
50bd0244e289a22278855cbc4707160bb3834cb646728dd8d9a01438966a07e9

SHA512
f577881bdb8c270f9974b088d3053ec5d3f0dfd52aa5720796904bbc1bec53fc893080e843b3dd6a58c99d7dc00a89cd00d8d04b78ddc5a31b9adc7080a2a7ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe

Filesize
468KB

MD5
21f85edc0ec939967604d5127ac98414

SHA1
a8cc448281ac37b52c86beda1e739e0354c10a78

SHA256
0767d0ca62fd9e23c434922388116a9444a8378650c598dbe4ec0b318ae0b36d

SHA512
41a2ecec6099d4e62b80820294fd52ff62ba2ab89003d5cb109c8f966786a89cc5073ca614a67fd3f6088c2669fdbbb770e1f8aefa1c50ccd0d8c5f95cbb01dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe

Filesize
468KB

MD5
718b4ba92bdf111ce337bbbf2da87442

SHA1
d15838fd1868eed9bafecf5389fdd1eb4dd47fd7

SHA256
97a54812f92363934d7f758166b74174f3989c6bb728b41b8aab6c660157aae6

SHA512
e0c602217efe48d92491de9dd8d7b64a9d53c229bd9199362aba305be9656b660dcaa9e2a32a353a1d879b8553c99e2f692843b05ea6996591bfc71816fd25ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe

Filesize
468KB

MD5
1903be78f536df3c3fd778ca94ccfcd2

SHA1
dd947c692b46497ce24aad4f292d12cc8d554260

SHA256
b83ccac8e2365c7fc8f2f4f0d98f7b3662292cee7e46eb41920e64cff69539f1

SHA512
f947eae52267bdc2e7dd720b1d5201fae9f699c701c5b338cc6a28cd184ded1552cb13580e627054ec7f65cb03f9e58486eca5aea1d51ea1299d81d9e32620ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe

Filesize
468KB

MD5
4c65b123c1cb33f8c9af717d8445565a

SHA1
44469b72e967d9c12d8beed578fa4d6abe038922

SHA256
b3bc47a58cee309edb7ed1f9bf41846976b42f3ff05f04f334e080159bfe077b

SHA512
f08f1527dd5ddec3401efe4cfe04fb7d1f77185217493c363e51567e2ca668a9db898770900f9f5823dcaf8a5c16d688031e3a937c3822ca046566613effa9ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe

Filesize
468KB

MD5
b55efe07d6a0c325094d7be4a11d59cf

SHA1
a5d3b70705f25d7666a9ec6dfd4bf2c82eddfdca

SHA256
a1fa054d93d8f9b9e7fd72378c5f79304802a53b70f6976d1e08e46413296561

SHA512
3d19218cdf4db94bda079b60e74a49a79b135edf25944e00755257560f1fb962a740b61a16d5e7984685316a05012d8de5b352ea8c11432b8756343ba763f505

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe

Filesize
468KB

MD5
f0e9d7798fdf72280d371c589219f46f

SHA1
48104d4fcc33ef932ed5a554f039978979bd01db

SHA256
eef3cc077db6e0389d75e0733f1d3b1d4330fd9a4bfa9109ba8df45337607fc7

SHA512
afcf0d77ff0024e38125f84be20b83d05262da81e9e0fd2d2748343087ae1ca5071875c0e63f852fe6ce71ddfe33336dbf5ab3e4cd7e722f5781db285b6ba089

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe

Filesize
468KB

MD5
a3fc400e8528ea6e97226117af93334a

SHA1
948e6ff6aaffc6e0bf534345333b9e56db906247

SHA256
df7f49ac970e9d0369bad7ea833899864c5bf38da81e6a148133f789c5d08990

SHA512
247a899f07b3a88656a246e4e9465862b4c66180e2f125db1de3b27d221df2a0be0d063b330eb8fd0372429ea13700acc86af1bb5f139b7ee7a6f3cc8bcdbbcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe

Filesize
468KB

MD5
60560f9f704fa7c297c3ef28cd7957e0

SHA1
fb383c5ded81eeea381fbc8fde21c4910159a7ec

SHA256
559510f9b8ad9f3fadf537cbb1bc2fb89e0b4be3d759e8aace828e7355105258

SHA512
090071b6e4e5ca3bea73b2f03419c9d0a9638a072a74ac5520606440da495fd5f0e9c8f6973115b2ddaddef4fbdb29e8fd440f176626ab6f89137580a8f186ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe

Filesize
468KB

MD5
aabec196b901913c70287d8412eb12d9

SHA1
bff494df2d34e70b3616f4e3ae0f62f451a8af49

SHA256
22dbe6ee8ddedb06e79f00f583c3d8995dd422151147f99651aecec8ea1ec78b

SHA512
6d514ea23845c7e61f0744dd0aff01685485ddd7bc3f32e27ef03da89550ec2519fe347c57a06115c0acedb037903576ea74805e18d8925b10eda008bedd4285

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe

Filesize
468KB

MD5
10f78f6cc28b6f8619e5a042489c0900

SHA1
6820e75a8dacde47c473e82a5afe88cd0a6ad771

SHA256
5860ce9cb5d982441d0894a5b6277ac27673432b49c6314d3a73ce58981d074f

SHA512
bfc7964d94a3f0552102e01bebc221370bef8a63a97ff7ecdfa559817331a981cf02b1a8afa9a398b4a29eee57a40b5beb2f81b062680d9232aa4cdb7dacffe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe

Filesize
468KB

MD5
2dfac29236e41019410be9ff7426458b

SHA1
c37b4ef9e5457b8c027fb3401b1bc2b5ec73cb4f

SHA256
0b4880add457389df844f4808eecb60fc75e48d6dbb72c69661a3608b48cd738

SHA512
10256288ac11e6e30a8ad5b7bfcac130c2871a186cbae29f8ce6edb57a2c428fdd5e25ed234e2309a0f2c6a05cee05126a20a5bbcd58aaa21abbdf6f462c3686

Download Submit
memory/232-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/428-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/536-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/552-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/592-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/628-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/680-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/688-110-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/820-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/868-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1012-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1160-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1224-264-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1252-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1332-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1376-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1488-124-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1564-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1640-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1728-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1792-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1812-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1868-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1896-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1920-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1960-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2164-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2232-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2284-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2304-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2408-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2472-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2588-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2684-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2700-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2724-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2756-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2960-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2968-217-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3048-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3104-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3200-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3224-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3236-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3284-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3292-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3300-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3304-144-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3316-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3328-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3516-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3528-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3548-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3584-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3632-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3744-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3964-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3972-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4052-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4216-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-436-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4352-132-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4376-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4448-196-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4484-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4524-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4820-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4844-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4984-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5020-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5084-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5156-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5164-453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5232-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5240-475-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5284-478-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5312-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5392-543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5400-506-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5420-507-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5484-504-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5500-505-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5536-534-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5548-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5564-536-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5584-540-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5616-542-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5736-560-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5804-561-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5836-564-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/7936-2547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13672-2584-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads