b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017

Analysis

max time kernel
150s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 00:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe
Size

468KB
MD5

27a5d3a30657e18213dddc567c090575
SHA1

8906793e005fd5420fec3261dd2b78d0747ef2d9
SHA256

b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017
SHA512

27159fc1a761e52caf95091adf6e257e257668779d7f92cdbfab92033955c2be9e715527158ee8e7ac94121837f35b84fd0cb8b51e8157a531f5e36498457711
SSDEEP

3072:13mCogWxjQ8pmbxOPz/Czf8/EChbaDpoymHBaVrZLZd3WldFDbmp:13roBdpmoPbCzfPdgoLZ9mdFD

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
228	Unicorn-63810.exe
5104	Unicorn-37164.exe
4596	Unicorn-50189.exe
804	Unicorn-36140.exe
2856	Unicorn-14546.exe
2520	Unicorn-34412.exe
3588	Unicorn-9231.exe
924	Unicorn-4929.exe
4120	Unicorn-1234.exe
4296	Unicorn-6657.exe
2196	Unicorn-54550.exe
3664	Unicorn-8001.exe
1980	Unicorn-8686.exe
3104	Unicorn-52660.exe
3916	Unicorn-23907.exe
4552	Unicorn-51269.exe
2892	Unicorn-49385.exe
4912	Unicorn-51461.exe
2040	Unicorn-49925.exe
920	Unicorn-25813.exe
3592	Unicorn-51186.exe
4772	Unicorn-40517.exe
3560	Unicorn-56976.exe
4892	Unicorn-53890.exe
3772	Unicorn-53890.exe
736	Unicorn-55151.exe
936	Unicorn-45042.exe
2100	Unicorn-52006.exe
2352	Unicorn-52271.exe
668	Unicorn-32405.exe
1508	Unicorn-44685.exe
4952	Unicorn-10634.exe
1424	Unicorn-302.exe
4736	Unicorn-20168.exe
3460	Unicorn-58927.exe
748	Unicorn-52797.exe
3768	Unicorn-21355.exe
4092	Unicorn-65419.exe
4716	Unicorn-34885.exe
3468	Unicorn-17096.exe
2872	Unicorn-17096.exe
4460	Unicorn-17096.exe
3136	Unicorn-7879.exe
2720	Unicorn-42114.exe
4088	Unicorn-18194.exe
4584	Unicorn-26773.exe
784	Unicorn-59010.exe
3540	Unicorn-22610.exe
1636	Unicorn-25237.exe
1420	Unicorn-44838.exe
2112	Unicorn-37873.exe
3524	Unicorn-45103.exe
4744	Unicorn-9415.exe
4396	Unicorn-17557.exe
616	Unicorn-38767.exe
4908	Unicorn-9058.exe
4796	Unicorn-35970.exe
2472	Unicorn-37231.exe
4260	Unicorn-33265.exe
464	Unicorn-53131.exe
1368	Unicorn-15029.exe
2760	Unicorn-35709.exe
4312	Unicorn-31627.exe
1616	Unicorn-28974.exe

Program crash 14 IoCs

pid	pid_target	Process	procid_target
8980	2760	WerFault.exe	154
9960	6796	WerFault.exe	271
10588	2760	WerFault.exe	154
11652	5676	WerFault.exe	193
11628	6820	WerFault.exe	272
12044	7028	WerFault.exe
10156	6820	WerFault.exe	272
14384	5540	WerFault.exe	354
14480	7028	WerFault.exe	356
14504	7816	WerFault.exe	359
17148	7816	WerFault.exe	359
5964	5540	WerFault.exe	354
11356	17860	Process not Found	1120
11336	17812	Process not Found	1119

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2496	dwm.exe
Token: SeChangeNotifyPrivilege	2496	dwm.exe
Token: 33	2496	dwm.exe
Token: SeIncBasePriorityPrivilege	2496	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe
228	Unicorn-63810.exe
5104	Unicorn-37164.exe
4596	Unicorn-50189.exe
804	Unicorn-36140.exe
2520	Unicorn-34412.exe
3588	Unicorn-9231.exe
2856	Unicorn-14546.exe
924	Unicorn-4929.exe
4120	Unicorn-1234.exe
4296	Unicorn-6657.exe
2196	Unicorn-54550.exe
3104	Unicorn-52660.exe
1980	Unicorn-8686.exe
3664	Unicorn-8001.exe
3916	Unicorn-23907.exe
4552	Unicorn-51269.exe
2892	Unicorn-49385.exe
4912	Unicorn-51461.exe
2040	Unicorn-49925.exe
920	Unicorn-25813.exe
3592	Unicorn-51186.exe
4772	Unicorn-40517.exe
3560	Unicorn-56976.exe
4892	Unicorn-53890.exe
2352	Unicorn-52271.exe
2100	Unicorn-52006.exe
736	Unicorn-55151.exe
936	Unicorn-45042.exe
3772	Unicorn-53890.exe
668	Unicorn-32405.exe
1508	Unicorn-44685.exe
4952	Unicorn-10634.exe
1424	Unicorn-302.exe
4736	Unicorn-20168.exe
3460	Unicorn-58927.exe
748	Unicorn-52797.exe
3768	Unicorn-21355.exe
4092	Unicorn-65419.exe
3468	Unicorn-17096.exe
4716	Unicorn-34885.exe
2872	Unicorn-17096.exe
4460	Unicorn-17096.exe
3136	Unicorn-7879.exe
2720	Unicorn-42114.exe
4088	Unicorn-18194.exe
3540	Unicorn-22610.exe
4584	Unicorn-26773.exe
784	Unicorn-59010.exe
1420	Unicorn-44838.exe
1636	Unicorn-25237.exe
3524	Unicorn-45103.exe
4744	Unicorn-9415.exe
2112	Unicorn-37873.exe
4796	Unicorn-35970.exe
4260	Unicorn-33265.exe
616	Unicorn-38767.exe
1368	Unicorn-15029.exe
4396	Unicorn-17557.exe
464	Unicorn-53131.exe
2472	Unicorn-37231.exe
2760	Unicorn-35709.exe
4908	Unicorn-9058.exe
4312	Unicorn-31627.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 228	2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe	86
PID 2076 wrote to memory of 228	2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe	86
PID 2076 wrote to memory of 228	2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe	86
PID 228 wrote to memory of 5104	228	Unicorn-63810.exe	91
PID 228 wrote to memory of 5104	228	Unicorn-63810.exe	91
PID 228 wrote to memory of 5104	228	Unicorn-63810.exe	91
PID 2076 wrote to memory of 4596	2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe	92
PID 2076 wrote to memory of 4596	2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe	92
PID 2076 wrote to memory of 4596	2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe	92
PID 5104 wrote to memory of 804	5104	Unicorn-37164.exe	94
PID 5104 wrote to memory of 804	5104	Unicorn-37164.exe	94
PID 5104 wrote to memory of 804	5104	Unicorn-37164.exe	94
PID 228 wrote to memory of 2856	228	Unicorn-63810.exe	96
PID 228 wrote to memory of 2856	228	Unicorn-63810.exe	96
PID 228 wrote to memory of 2856	228	Unicorn-63810.exe	96
PID 4596 wrote to memory of 2520	4596	Unicorn-50189.exe	95
PID 4596 wrote to memory of 2520	4596	Unicorn-50189.exe	95
PID 4596 wrote to memory of 2520	4596	Unicorn-50189.exe	95
PID 2076 wrote to memory of 3588	2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe	97
PID 2076 wrote to memory of 3588	2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe	97
PID 2076 wrote to memory of 3588	2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe	97
PID 2520 wrote to memory of 924	2520	Unicorn-34412.exe	100
PID 2520 wrote to memory of 924	2520	Unicorn-34412.exe	100
PID 2520 wrote to memory of 924	2520	Unicorn-34412.exe	100
PID 4596 wrote to memory of 4120	4596	Unicorn-50189.exe	101
PID 4596 wrote to memory of 4120	4596	Unicorn-50189.exe	101
PID 4596 wrote to memory of 4120	4596	Unicorn-50189.exe	101
PID 804 wrote to memory of 4296	804	Unicorn-36140.exe	102
PID 804 wrote to memory of 4296	804	Unicorn-36140.exe	102
PID 804 wrote to memory of 4296	804	Unicorn-36140.exe	102
PID 5104 wrote to memory of 2196	5104	Unicorn-37164.exe	103
PID 5104 wrote to memory of 2196	5104	Unicorn-37164.exe	103
PID 5104 wrote to memory of 2196	5104	Unicorn-37164.exe	103
PID 2856 wrote to memory of 3664	2856	Unicorn-14546.exe	104
PID 2856 wrote to memory of 3664	2856	Unicorn-14546.exe	104
PID 2856 wrote to memory of 3664	2856	Unicorn-14546.exe	104
PID 3588 wrote to memory of 1980	3588	Unicorn-9231.exe	105
PID 3588 wrote to memory of 1980	3588	Unicorn-9231.exe	105
PID 3588 wrote to memory of 1980	3588	Unicorn-9231.exe	105
PID 228 wrote to memory of 3104	228	Unicorn-63810.exe	106
PID 228 wrote to memory of 3104	228	Unicorn-63810.exe	106
PID 228 wrote to memory of 3104	228	Unicorn-63810.exe	106
PID 2076 wrote to memory of 3916	2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe	107
PID 2076 wrote to memory of 3916	2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe	107
PID 2076 wrote to memory of 3916	2076	b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe	107
PID 924 wrote to memory of 4552	924	Unicorn-4929.exe	108
PID 924 wrote to memory of 4552	924	Unicorn-4929.exe	108
PID 924 wrote to memory of 4552	924	Unicorn-4929.exe	108
PID 2520 wrote to memory of 2892	2520	Unicorn-34412.exe	109
PID 2520 wrote to memory of 2892	2520	Unicorn-34412.exe	109
PID 2520 wrote to memory of 2892	2520	Unicorn-34412.exe	109
PID 4120 wrote to memory of 4912	4120	Unicorn-1234.exe	110
PID 4120 wrote to memory of 4912	4120	Unicorn-1234.exe	110
PID 4120 wrote to memory of 4912	4120	Unicorn-1234.exe	110
PID 4296 wrote to memory of 2040	4296	Unicorn-6657.exe	111
PID 4296 wrote to memory of 2040	4296	Unicorn-6657.exe	111
PID 4296 wrote to memory of 2040	4296	Unicorn-6657.exe	111
PID 4596 wrote to memory of 920	4596	Unicorn-50189.exe	112
PID 4596 wrote to memory of 920	4596	Unicorn-50189.exe	112
PID 4596 wrote to memory of 920	4596	Unicorn-50189.exe	112
PID 804 wrote to memory of 3592	804	Unicorn-36140.exe	113
PID 804 wrote to memory of 3592	804	Unicorn-36140.exe	113
PID 804 wrote to memory of 3592	804	Unicorn-36140.exe	113
PID 2196 wrote to memory of 4772	2196	Unicorn-54550.exe	114

C:\Users\Admin\AppData\Local\Temp\b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe
"C:\Users\Admin\AppData\Local\Temp\b25e3289fec1f7e90c1820d3353835c9404000a4c7901b067c37a0770b8af017.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63810.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63810.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        10⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        10⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        10⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        10⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        9⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        9⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
        9⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        8⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        9⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63542.exe
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        9⤵
        
        PID:17684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        8⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
        8⤵
        
        PID:17488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        9⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        9⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        9⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        8⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        8⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29830.exe
        8⤵
        
        PID:16660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        7⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        8⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        8⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
        7⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        8⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
        9⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
        9⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
        9⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        8⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50646.exe
        8⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
        8⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        8⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39368.exe
        9⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
        9⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        8⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        8⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
        7⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        7⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        8⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        8⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        8⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe
        8⤵
        
        PID:18044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        8⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
        8⤵
        
        PID:17644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        6⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        6⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        7⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        8⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        9⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
        9⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
        9⤵
        
        PID:16512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
        8⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        8⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
        8⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
        8⤵
        
        PID:17764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
        7⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        8⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 688
        9⤵
        Program crash
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 688
        9⤵
        Program crash
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        8⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
        8⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        7⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        7⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        6⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49004.exe
        8⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
        8⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
        8⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        7⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
        7⤵
        
        PID:17576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        7⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
        7⤵
        
        PID:16504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43751.exe
        6⤵
        
        PID:17620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55496.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        8⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        7⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        7⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
        7⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        7⤵
        
        PID:18188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2692.exe
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        7⤵
        
        PID:17440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
        6⤵
        
        PID:14544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
        6⤵
        
        PID:17968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        8⤵
        
        PID:17956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe
        7⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        6⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        5⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
        5⤵
        
        PID:16356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        7⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        8⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        9⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 692
        10⤵
        Program crash
        
        PID:14504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 692
        10⤵
        Program crash
        
        PID:17148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        9⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
        9⤵
        
        PID:16696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26066.exe
        8⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        8⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        8⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2692.exe
        8⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        8⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        7⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        7⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        8⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
        8⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        7⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        7⤵
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33359.exe
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17986.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        7⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
        7⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48928.exe
        6⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
        6⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25194.exe
        6⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        8⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
        8⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46732.exe
        8⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        7⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe
        7⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        6⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 836
        7⤵
        Program crash
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 880
        7⤵
        Program crash
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55324.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        7⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        7⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        7⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        7⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        6⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54631.exe
        7⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        6⤵
        
        PID:17732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        5⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        6⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        5⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        5⤵
        
        PID:9372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        6⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
        8⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        7⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        7⤵
        
        PID:16764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37509.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        7⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53554.exe
        7⤵
        
        PID:17564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62274.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
        6⤵
        
        PID:17272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18492.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        6⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        6⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37557.exe
        6⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38189.exe
        5⤵
        
        PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55496.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        7⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        7⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        6⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        6⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32388.exe
        6⤵
        
        PID:17588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54767.exe
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        6⤵
        
        PID:14828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
        6⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32388.exe
        5⤵
        
        PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4428.exe
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        6⤵
        
        PID:12456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        5⤵
        
        PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
      4⤵
      PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
      4⤵
      PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47138.exe
      4⤵
      PID:17288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        8⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        9⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        9⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        9⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        9⤵
        
        PID:17656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18386.exe
        8⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        8⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        8⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        8⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        8⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        8⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
        7⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        7⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
        7⤵
        
        PID:17984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34053.exe
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        8⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        8⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43939.exe
        8⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
        7⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15562.exe
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        6⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19759.exe
        8⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11243.exe
        7⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        6⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        7⤵
        
        PID:17416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61948.exe
        6⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        6⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        7⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3573.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        7⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
        6⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25913.exe
        5⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        6⤵
        
        PID:14136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        6⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
        5⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13837.exe
        5⤵
        
        PID:17932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42114.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55496.exe
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49004.exe
        8⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        8⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        8⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        7⤵
        
        PID:16684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54767.exe
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        7⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        7⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        7⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2706.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        6⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        6⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        7⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        7⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52820.exe
        7⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
        7⤵
        
        PID:18288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        6⤵
        
        PID:11224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        6⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        6⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31044.exe
        6⤵
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
        5⤵
        
        PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44176.exe
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        6⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        6⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
        5⤵
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
        5⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39247.exe
        5⤵
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        5⤵
        
        PID:18176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35093.exe
        6⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        5⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        5⤵
        
        PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
      4⤵
      PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        5⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        5⤵
        
        PID:16324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
      4⤵
      PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
      4⤵
      PID:16108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        6⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        8⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        8⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63212.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        7⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        7⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        6⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 756
        7⤵
        Program crash
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19535.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        6⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        6⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        7⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25042.exe
        6⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        7⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57806.exe
        7⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
        6⤵
        
        PID:15748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49369.exe
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        6⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        5⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
        5⤵
        
        PID:15840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
        5⤵
        
        PID:17712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37873.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
        7⤵
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        6⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        6⤵
        
        PID:15036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        6⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        6⤵
        
        PID:18344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        6⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        6⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        5⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
        5⤵
        
        PID:18028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
        6⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
        7⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        6⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        6⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        5⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
        5⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        5⤵
        
        PID:9820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48953.exe
      4⤵
      PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10875.exe
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
      4⤵
      PID:10880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        7⤵
        
        PID:15444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25500.exe
        6⤵
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        5⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        6⤵
        
        PID:17788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
        5⤵
        
        PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        5⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        6⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
        7⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21874.exe
        6⤵
        
        PID:17060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
        5⤵
        
        PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
      4⤵
      PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
      4⤵
      PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
      4⤵
      PID:9012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
      4⤵
      PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        6⤵
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
        6⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
        5⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        5⤵
        
        PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
      4⤵
      PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        5⤵
        
        PID:14128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
      4⤵
      PID:12780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7399.exe
      4⤵
      PID:9448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
    3⤵
    PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
      4⤵
      PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        5⤵
        
        PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
      4⤵
      PID:12132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
      4⤵
      PID:17184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
    3⤵
    PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe
      4⤵
      PID:12280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe
      4⤵
      PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
    3⤵
    PID:12064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
    3⤵
    PID:16536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31627.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-260.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        9⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        10⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
        10⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        10⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        9⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
        9⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        9⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        9⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4085.exe
        9⤵
        
        PID:16960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        8⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        8⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        8⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58123.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        7⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
        7⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        6⤵
        Executes dropped EXE
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53467.exe
        9⤵
        
        PID:17880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        8⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29461.exe
        8⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        8⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
        7⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        7⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        8⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29461.exe
        8⤵
        
        PID:17596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        7⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
        7⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        7⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        6⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        6⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe
        6⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
        8⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        9⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43671.exe
        9⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
        8⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        7⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39368.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        8⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
        7⤵
        
        PID:16488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
        8⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27131.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        7⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        7⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
        7⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        5⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        8⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        8⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        8⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
        7⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64413.exe
        7⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        6⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        7⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        7⤵
        
        PID:17504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        6⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47782.exe
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        5⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        5⤵
        
        PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        6⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe
        8⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        9⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        9⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49391.exe
        8⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe
        8⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
        7⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
        7⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
        8⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
        8⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        8⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        7⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
        6⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        7⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        7⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45994.exe
        6⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        5⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
        6⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        7⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
        7⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
        6⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8274.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32205.exe
        7⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33773.exe
        5⤵
        
        PID:8796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27909.exe
        5⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7723.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        8⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        8⤵
        
        PID:17512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        7⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        7⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        7⤵
        
        PID:17944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13105.exe
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
        7⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        5⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        6⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        5⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48776.exe
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        6⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        5⤵
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe
        5⤵
        
        PID:17316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63331.exe
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        6⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
        6⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
        5⤵
        
        PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21490.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
      4⤵
      PID:11976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
      4⤵
      PID:9024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        6⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        8⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51220.exe
        8⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
        7⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
        7⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13781.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        8⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39373.exe
        8⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        6⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
        6⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        5⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        8⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14588.exe
        7⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        6⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
        7⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe
        7⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19579.exe
        6⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
        6⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26063.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        7⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1894.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        7⤵
        
        PID:16476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
        6⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
        5⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
        5⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
        5⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        8⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        8⤵
        
        PID:17496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56275.exe
        6⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        7⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13035.exe
        7⤵
        
        PID:17716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        6⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        7⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
        6⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        6⤵
        
        PID:18020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58578.exe
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        5⤵
        
        PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38032.exe
      4⤵
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
        6⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        5⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
        5⤵
        
        PID:7388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        5⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        5⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
        5⤵
        
        PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
      4⤵
      PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        5⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        5⤵
        
        PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
      4⤵
      PID:12884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
      4⤵
      PID:16364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe
        5⤵
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33992.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38853.exe
        8⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        8⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        8⤵
        
        PID:17724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        7⤵
        
        PID:18200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        6⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        6⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13781.exe
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
        7⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63542.exe
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        7⤵
        
        PID:18000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        6⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        6⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62611.exe
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
        5⤵
        
        PID:16400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39921.exe
      4⤵
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        6⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 632
        7⤵
        Program crash
        
        PID:14384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 632
        7⤵
        Program crash
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        6⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        6⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24236.exe
        5⤵
        
        PID:16556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        6⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        6⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        5⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        5⤵
        
        PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53467.exe
        5⤵
        
        PID:17872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
      4⤵
      PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
        5⤵
        
        PID:17524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
      4⤵
      PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe
      4⤵
      PID:16432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
        6⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        5⤵
        
        PID:7444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39045.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
        5⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
      4⤵
      PID:16940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
    3⤵
    PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
      4⤵
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
        5⤵
        
        PID:15472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        5⤵
        
        PID:8980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
      4⤵
      PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
      4⤵
      PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
      4⤵
      PID:8824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
    3⤵
    PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39368.exe
      4⤵
      PID:10608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41775.exe
      4⤵
      PID:17172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
    3⤵
    PID:12172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4778.exe
    3⤵
    PID:7468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        8⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        9⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        9⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        8⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        7⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        7⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        7⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
        6⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2692.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        7⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60119.exe
        7⤵
        
        PID:15896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45943.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        6⤵
        
        PID:17552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        7⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        7⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        7⤵
        
        PID:18104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
        6⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
        6⤵
        
        PID:17480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23404.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        6⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        5⤵
        
        PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33265.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8668.exe
        7⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        7⤵
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        6⤵
        
        PID:15012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        5⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
        6⤵
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        5⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56939.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        6⤵
        
        PID:17672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        5⤵
        
        PID:7516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
      4⤵
      PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51373.exe
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        5⤵
        
        PID:17632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
      4⤵
      PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
      4⤵
      PID:7236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        7⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
        7⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        6⤵
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        6⤵
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        6⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8389.exe
        5⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        5⤵
        
        PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        5⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        6⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        6⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
        5⤵
        
        PID:7488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10914.exe
      4⤵
      PID:13616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22994.exe
      4⤵
      PID:16460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47557.exe
        5⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        6⤵
        
        PID:10732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 636
        5⤵
        Program crash
        
        PID:11652
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 628
      4⤵
      Program crash
      PID:8980
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 628
      4⤵
      Program crash
      PID:10588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
    3⤵
    PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
      4⤵
      PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        5⤵
        
        PID:17696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
      4⤵
      PID:10012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
      4⤵
      PID:9464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47782.exe
    3⤵
    PID:8384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
    3⤵
    PID:11996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
    3⤵
    PID:5900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        6⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        5⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
        5⤵
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
      4⤵
      PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
      4⤵
      PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
      4⤵
      PID:15364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
      4⤵
      PID:17580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
    3⤵
    PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        5⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
        6⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        5⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        5⤵
        
        PID:17424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
      4⤵
      PID:10204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
      4⤵
      PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
      4⤵
      PID:8968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
    3⤵
    PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49004.exe
      4⤵
      PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        5⤵
        
        PID:14120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        5⤵
        
        PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
      4⤵
      PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe
      4⤵
      PID:7576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16735.exe
    3⤵
    PID:9248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
    3⤵
    PID:14996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
    3⤵
    PID:5200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44685.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44685.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        6⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
      4⤵
      PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8391.exe
        5⤵
        
        PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
      4⤵
      PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
      4⤵
      PID:9740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
    3⤵
    PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
      4⤵
      PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        5⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        5⤵
        
        PID:18360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
      4⤵
      PID:14716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
      4⤵
      PID:17660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
    3⤵
    PID:8496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
    3⤵
    PID:2724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
    3⤵
    PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38191.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
        5⤵
        
        PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
      4⤵
      PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
      4⤵
      PID:15512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
    3⤵
    PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
      4⤵
      PID:14000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
      4⤵
      PID:9852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1590.exe
    3⤵
    PID:12180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
    3⤵
    PID:7244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
  2⤵
  PID:5820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
    3⤵
    PID:7868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
    3⤵
    PID:11220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23150.exe
    3⤵
    PID:8860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
  2⤵
  PID:8420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe
  2⤵
  PID:12128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:16548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2760 -ip 2760
1⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6820 -ip 6820
1⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6796 -ip 6796
1⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2760 -ip 2760
1⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5676 -ip 5676
1⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6820 -ip 6820
1⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7028 -ip 7028
1⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6796 -ip 6796
1⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5540 -ip 5540
1⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7028 -ip 7028
1⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7816 -ip 7816
1⤵
PID:13412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5676 -ip 5676
1⤵
PID:14368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7588 -ip 7588
1⤵
PID:14424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7588 -ip 7588
1⤵
PID:14516

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 7816 -ip 7816
1⤵
PID:3856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5540 -ip 5540
1⤵
PID:6072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe

Filesize
468KB

MD5
97f7978ca839b6bacc236f0d623b81a5

SHA1
22593ab1d96043f481bb09f6486a9385b31996d6

SHA256
b1e9b991d2e8e061d067b6854e60a321b84a525f1f34c06a59d5848a728bcc79

SHA512
ef0a0e83b6c56da9b937e07dea686d1b3aac2520a66cecbd29438e41286de420b750464681f554e1da39fc13109525473efd55e6d9848adc93847d3367b7b62a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe

Filesize
468KB

MD5
9089a88f7e5851c52cdb9c8168129fcb

SHA1
f466e514f5b1a67b08962d2d9926f632fb8ee620

SHA256
f5a05142fcbd36b2733565b21c44d0d66476bf0b7a23be2595fe1050294bdd45

SHA512
8b60d58da4ec2effafd0e9e14e45fdaf902ac036412c5122166040554a87e46d8c3fe46f4a344250cf57fdff5bebc6e7a96fd457da9a7bab932a63fa2cd250e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe

Filesize
468KB

MD5
50e8d2cfa94b42dbe43f1491928503d2

SHA1
8dc93a8336c19db7b21cb301e81db2fbee4af917

SHA256
12803f33826b4fe0ce5f903afa1edda3d3cf58ba9b6b7a069a84bfa5e7f18a09

SHA512
cd7730a1476d86efdb642768af3e459119830aecc9d03b0bf1ece3917c624b08ed9f6e2083e168bbbfa0a854ccc782b65fc73a0a891a9c6fc698d4202a451e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe

Filesize
468KB

MD5
36d110fde16d413831b164cba6c51ea6

SHA1
1bcea11b746e240fb95dc61c2a361fd65cb62da6

SHA256
6d22e970d7f04cf1b7ac601676db2ec80a63b7b29cea54753591d72ddb109efb

SHA512
78d44e7345f919603aa76e583e5e8e07e1db1eb5ce3c22072a39f426896481f35dfaa573a52c46ac9fc5d53380da287426d1abfb3fd29a8bedfd3461ebfaf5a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe

Filesize
468KB

MD5
460d191df5bbf78eef887ed404807659

SHA1
6076cb87b16924abf27323bedffb7ef4b9d23ee4

SHA256
323aab3e5f759ac3379548436f2c39094793a0e2f8dc4965f6ac40854f2b9980

SHA512
25a816246b4ce18465fb0a27ac9b149c9011d53ca2a3a72a04b2a5e073530a31892ddba7f0f9d93f54d721befc31b841e0c78ad492d50e9cc7f905c42f80b516

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe

Filesize
468KB

MD5
da3b7c72a2e5dcba2ebb8a4f892758eb

SHA1
161e2c710230fa488a3614cb3afa12d6cc595377

SHA256
69a207b2db4d9569dd756053f39411bc230dc36b15c70a1e169a4792fb98c633

SHA512
01aa005643b50a6fdae24c8158489d65ce134045a52bc7ed649fc8d83307ef9d9ccfaad745e1ba330b697a3aeeb1138922ee663dc7338b4ec2e0f4642ebee939

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe

Filesize
468KB

MD5
b60ea3b4e23476cf8b20bd9a0f5e79bc

SHA1
92e05d476cc922ff4da0053e92450b61e3a6945f

SHA256
563bca20e9a7e88d00df22e45a4a918d47b3b40757d17b7e6dd46dfe2af8c58d

SHA512
f2b8ee998d9f35f9760c4f3d2e2bb751510e46e72b82ee02afaa773f4aaf04b30ec6e7325b5a682a928a62ddb07b98f420167eb5f10739d4977b1c82001042e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe

Filesize
468KB

MD5
948349321e6ffcf80b107bd5cee367fc

SHA1
1b8b6198af2bcdd6371b6499a121abda142c3dc1

SHA256
ff3cfc6c42ecdd5e23371fbf9b80a930799742d2eaf7504e18a2ec084be4b737

SHA512
c48d9e5a9b4d26491b83a75202dde123afb00a810fc6764f421ffef4710c8149f6d7665365e50378563c735e3bbf7686c5c9522b15b339404e6bc836d62c44a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe

Filesize
468KB

MD5
d47be4566e12a3c308d36fce21e57e7b

SHA1
bbd4cc83f7944b0feecb061304e555e614adea0d

SHA256
80f8830fd0089491572d1f0636dd5763df9d9396e5ae17382b2f2ac863240ef9

SHA512
b0166072d8fab8b4914adcfe19d95909e1339b72fef0af7ffd22efa2f62cfe7ca5dc2d6c2ea4214e04a40d3b848b768519227a8a373bc6676b44ef6d70f9c7ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe

Filesize
468KB

MD5
b573b33df140496c5d08a523f8c4c157

SHA1
3946bff58d13de847bcc6e76f9893af9f836d782

SHA256
5aec016fbbe907f314ce3eff5ad6e41ab81b1b0c062e7e100bdee331f66bc330

SHA512
86aae56d26e9f362adcc310c08687a17c8cec583cd46c66e45f0d894f4014d6229b2382287ab666e7afc27746fbd0611f97ff37395243ed67ef7c929f7208881

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe

Filesize
468KB

MD5
cc7dc66dc6326a4f1886bcceb08aa588

SHA1
31f7ade48a7ae9ba142b0b27481458c57285ab3c

SHA256
c59b4b6712b094e4a5a4925027d5eac7f4b6161179f2b2851ff14abdd68becf6

SHA512
7c56a8d126aad90e5769e1639a61db36a7656bfb2bdd43197e07d0b94f0eea452f2d857dba8c9e906d366ef01c14ab3618f3cfe0a6bd196f0ac5bc473fb6ba43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe

Filesize
468KB

MD5
8284443cceee52531345e65356563d1b

SHA1
1fd047f43d5497a0475221c9cb0df326e5df931e

SHA256
303e35256093096d9baa418785f515286f76b8db9159f3f4e6e346f6c2a1e00e

SHA512
6114113e1d302fabb5609d93fdd45fc63777808035e36e094d73dc1d70571388b539375ac6904b6444d7d155174233f5c84ca4491b0ee9105a399d9d17c56a1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe

Filesize
468KB

MD5
16cb63db5fce7ffbd5662cf71fe045f2

SHA1
52564cbed37cb55fb093dc532de12ec5ee64265d

SHA256
d95fb9753036921218465547b716e1efaf0cadf0af6e5cc9c7edfddb5486f4d5

SHA512
c7fed7dd11bae27590bc414b0fe02b6f93c7965da6a3b839c2abb1cfdb9681b00e279bf483990f145b1b4982edae986df8b9c8a8196d69524506c0a7baa80053

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe

Filesize
468KB

MD5
dea2fb21c067cccdc2276a3412f1f39e

SHA1
419f673eb25efb34f1a145bcb42e199a0ce31d06

SHA256
f9b6153e5ea03dc688a54f1610832a19de6ad4876f98c609a4926e9ba4f39456

SHA512
decef5a9b313d86ad1d892649378d15614e3d0120344e84e32349964a17b691c87df7176a1eb967e0f267e74347c3fe24065d24750dc03ec26cc90341eeca11e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44685.exe

Filesize
468KB

MD5
4c81a6cd5019fb1aa458c320cf86996c

SHA1
d1090d5e733ca3389b6020cce4391478cfb799a6

SHA256
a44460284caa9283b9a0bfbd3abd438ee303fdcc54b145e16fa6eaa08fbcbcbe

SHA512
d5235646733159f6f49302aa5d9d62aa3e49885d501788032b84aa7d44bbfccb48c65992bfdf73ae07940ff80572ff1900aa27ec22e40c407988c36dd61860a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe

Filesize
468KB

MD5
7eccb63050dc46c55ee90f4ca4bf7beb

SHA1
f7b4e3985c323bff698806f3fa45afbac5791031

SHA256
0e074c46ece1856399516ffd1f74acd71d3111c907c3641ba9938849cb335fa4

SHA512
56a924274e6e9608592e6811ad6a943e50546a2b6b0db4ddd4904b565bac807746a127f922b1b47bbb7650e8e0ade6dc5870176331cf8bc4a3bc8ea1ab093d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe

Filesize
468KB

MD5
4b7e37b344caab2504b1895f64b59e5f

SHA1
433d8b75a611aa833761322a5a714a5f40f5c7d2

SHA256
50f7f32e0539fe0ef74d2e6bf82bede7387fde3e0625c1172861f11d38ed1dfb

SHA512
655913c1bbc76c447b473d73444f9f68cd4cc43e70f3c73015088a1967adeca255d70fae91aa95a0298a03595c9eb7fc2e36cef4c3f8c4ad7c5ec6a6c182eefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe

Filesize
468KB

MD5
1e3f0bb6b34561d86e8b1d2b4037f906

SHA1
93949a2a5b4828d86a8d074d3e66dbe47d02fd48

SHA256
005e62bddaa84013ed5b3f2436237393658c9cc2659d626427e021b44bcb52b6

SHA512
5396b1e69d25497fa8c2927ffb5bd33b0e8a01f54c23e213d1839b0b7ac5186ea52cb5d1a59224d3eb3810f23746b57554b26afa8ff5c4b43d5854a636411f51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe

Filesize
468KB

MD5
c7ccfb9772398dce757f0623438b886f

SHA1
37affbc9eff1749f6fa75962cf83034b6b3fca0d

SHA256
7b1c1ffeac4f7d58e71d4c2d59bd1caca0f0bdd22897a9c575ce50f8e0e76bbe

SHA512
7dd7a40230467f8eff6974e37905badf5834b4b04f17e90020f6da3175c44d281c06aae2ce97fe0f22173ae82cde21ab62f0b20bc4a13a553b9774f9d779866a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe

Filesize
468KB

MD5
683b23da8dd3c557253a3e599ed188a3

SHA1
c3c8b7175534efee0e610f1999c24067fa10a7f9

SHA256
abe0e6e8e7308c612d060b0971f1cfe5906798f9d9076e6004ce300e17390f68

SHA512
9183a23836d18f7ace14eccd07ca5c9f407b371f4f9944796e6b5cbd3b78325b9d28fd72b01367725a1f302e733fb94727006ae91aa42defc2e40bdf5d460b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe

Filesize
468KB

MD5
eebde191228a96a454aeba16722a8d11

SHA1
8078fd8b8a3e6831a117c8eb0cda1150aa710dab

SHA256
06394672e7222167f1b0f320b68b0fc9d84ed5b88a695f6cb32f76f3d2191b2f

SHA512
517b1fcc7b2c1ddac962dbe92452d5c151286b8dcaaaf223cdc3a3025da05342a7574b8962da7d8d76ab1b5c37636716cff6b88f0edcffa35f70c83e25c8434d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe

Filesize
468KB

MD5
184d23a30d226c6143368e5afece2042

SHA1
c835279bd17c77d7d38687b351dd4ad935de0d6c

SHA256
69342d66a95f0fd606803ed73bf830057bccd8658ec9b9f81aae715cc0ffe7ef

SHA512
dd59d6ae900b608f53b375a875b7cc39f20ab29c89ff036906d5e55953c6f6750f696a6d1eefd7489949bdf27da5336be848ba5d067769c631bce349bf0f529a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe

Filesize
468KB

MD5
a261a6866ca48cbfca2b29601048c5d2

SHA1
89491bd678fe50883fac44e829ab6fb86b6c24fa

SHA256
f54c822b3d85b0b01ed6f35a47140bf505edb1f613eb44a27048de50e3cea5ce

SHA512
1f51dac1aabfc10c3f738082e69bb6bd4521b6a02e8df7fcffd1b81a437bf728fc27e48b7d79d061a3e2068dc7eca436413e424dce2ac0df2cb8fd553ddec8e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe

Filesize
468KB

MD5
78738d12108ca2d2545bb0df83f910e2

SHA1
c14f0a22032e0ea75a0dbe70524f2713e3a56583

SHA256
1491b458694b3408c830f164550391071b933251de81ce032f113df592b73475

SHA512
546e193608be3af7d6fdb05dea141b8d65277131735cad423b3cba2c242ee4c7bf2e915ce4a86f82781531540453a37bcc9a0e87b63f2ceca7cb591c20c1b467

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe

Filesize
468KB

MD5
a63eae7d3017b79c2e161e3db59bb9e1

SHA1
944eccf2ec14fafb6272e1dba223c1c4c3e240df

SHA256
8ff4225485de7dbec47f93e39a4e1a223d80a16ca1f5a95653d0b968a5cc455d

SHA512
4e7d5c691abfd6b293987b3cfe60b0cbfa1dca04b375d5b864a06b8e2b0e15eb891f0b1b0dec3b52118b6c4c89d3145aab2e04f92c090537464c927164e250ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe

Filesize
468KB

MD5
3d7a1d7e82c31d2cb855cb8925e6b211

SHA1
c5398613088666329d6f266663e2d30477314f08

SHA256
febceae77e2afaa56ae13ed8d1edd12c19c312eee33df8d5281bdac6ac08b340

SHA512
fcecc945e4777bd324cd8b452f2747e06671beb5843448e2f5746ebe2184074cd29085b4934a1c540b94722ef21720f1b9a2c0edb2e7a122b2d8cd49e9f3b956

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe

Filesize
468KB

MD5
e20154ee4f4f0eff334ed89e9d7bc0f8

SHA1
35bdfa83c248d91d8478234239064360651889b2

SHA256
edadf65776d220ce94b3d95a2589df0818496c539acb3337d23801c221cf77f5

SHA512
caff4e2467d4f5233f4c11ae71ff13789d9ca7695fa68a7209c440b37628915d3749d2009e93a3d6b412feb5429498f859d5200bf1f7c2878cab31d66b8b047e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe

Filesize
468KB

MD5
fb62bfe2fa5ab2039fc9562ff7c25b99

SHA1
4f95197a1de40d1d5a4e28018945ff463c6ccbad

SHA256
42f4e32b8c24abf99711f7d5c4f4bc3967137d10d0f17cf7fc3dc99c8c49a4f9

SHA512
e5b670674e95ea3daf28f9c78bea4acefd1b4f0f47df0d084f9123e8dd0c8d38d567d81f08fcacbdd9ed3b1acccd18f2122ac2aed825028f1bbd1f5bbb6df33b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe

Filesize
468KB

MD5
06e01aaf7225cf3c2f553bfa758654d1

SHA1
8a933a8fbe5a810247125485fc17f0f3321d3fb9

SHA256
262a7edb665e62de35130e209538bdbfa449661440316c0a2000e3450a8458d7

SHA512
e32518d7bd216730737c5797b856d3c04d359c8ed90c0776fd528a333da4a11e6a18e00123aae4f0a46585a62647cdc3a71be9337d2848b85991bf09a13f391f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe

Filesize
468KB

MD5
d8f07304c041fd29d0d30e03845d679e

SHA1
4fc71ebb771cd15ca9d93ecdef77780820e0b4e9

SHA256
2664918a42c70ce19d0f3a9cd96d657067833d3e588c1c1fcb8f85cea267e1ea

SHA512
7791c672d25ebfcbd9a197f094c37fa81b9d759a7a5038125fcb4a2e3f3cfd863ff1d4ab08def83c265fb32240b4b8ec471cd88a85c8b35e15833a7a118bc7c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe

Filesize
468KB

MD5
eb72be4ff0ba2c3a0ad8322491a775e9

SHA1
64c3568af8c3049d348aed2373e26a31abf20235

SHA256
2bb375e5c399dd6612ada898c87ee72577fabdb9cd057779109edeca093f3eac

SHA512
3c9c1cb629dfe6a5cf5174b225beb1c6b8aa7b14afb123a7a9a42cb90d25a5aa1f3946475ba01ccd168da775bdde472a0d97e6da78408a3b1a4a68960f07c7f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63810.exe

Filesize
468KB

MD5
7ca11f8de1a235c49cee07487f535684

SHA1
170e60eb1afefb73e5519bba02aa09f28597b2b8

SHA256
f50f9b1f89b06144b46b01b638c5cf984b3f178569c9daa8a5b765d88cd105d1

SHA512
c286348967f7fa268492d236c7f659d55402e4525d5a155e0f762b8edb2df624ad797cca90152f917e77e59698e25a61e8de4559096dda7b5a96727e8e72524b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe

Filesize
468KB

MD5
f8550b1d2af1aeacd007659ef409f054

SHA1
ca13470474234fd6c6f8dadd75b0c600c09b9e6b

SHA256
905ae3b496b7ab68c71a4daaacf22984ba5142a386ed31f3a9f4ae81c0b02f03

SHA512
183dfc9d069cd99ed8cfd9e882d5299fbb81d762268761ce78db982d465fea8771c66c03c86b0be84ea4f82912e4ddb3ee8fc406c34d9e889c4d2d40c81aa69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe

Filesize
468KB

MD5
827f76572a45d06472106483506e6679

SHA1
97cea946925de6e8da508db90c33e5bf37530fa6

SHA256
527ffba7528fcdd86005efac28f554b6706f26c0507eefab5b918b7601ba9d11

SHA512
19e41663fde449b138e0751984de119933466a656402e2a60a43315e32e1cbd3dc58dc751fa20bc26d7f5199f46f4bcbb2d1140236aeef629f6aad23a85cff26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe

Filesize
468KB

MD5
1de00724ab6e7930acaeefe43d15cb3d

SHA1
c1bc03f1c7cc3ea7f2d25762b8705ba53d771f82

SHA256
82cc1df4d61806fe279514b5ca7fe21e78cb933abace40a784ae35a57f904579

SHA512
99f27e1be17fe6abc1fb2aa1d8f5774a3b5dcdeb09bb2982e25ec462b8010e4de80afcea48c002860143ab46001fbe0dcca27bcdd02a6d48448308f156e1df87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe

Filesize
468KB

MD5
cdb8ec5d101e81b994a4da92467abe22

SHA1
15a26e1a6f9e94405e6596bbb0d8d0ccc2df3312

SHA256
a9a7e4e8d4133a6ab8859def2701f62a3026eb8290e17ad4ef6facaf82df4889

SHA512
d8d3b1980eba59d36fe9b2529c67449cc9386c8224789a1d93e80cc17c6d9d2d0923f6951f9a4010562e660f4db2a181f440ca77f55cd5d77c7b2db94bf908b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe

Filesize
468KB

MD5
7248decf003c85e0a3e78de505dc79d0

SHA1
4035ca609d2043b64b8eae0eb9175ae90d5ceb12

SHA256
0016807b6806e8fb484341e029661aa7a275d96e20a653f7dc1120e6a5e3264e

SHA512
7589acbc7fa2c05d4784b1fee46f7b20698e0242d4e863ac2522c35a8dc9d309153c3381e4394656dfda6a292ce7ddccfdfbb728e859a11c23eb566002a123ad

Download Submit
memory/224-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/228-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/372-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/464-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/616-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/668-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/716-453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/736-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/748-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/784-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/804-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/920-146-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/924-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/936-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1056-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1368-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1420-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1424-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1616-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1636-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1640-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1940-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1980-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2040-145-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2076-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2100-201-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2112-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2160-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2196-77-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2284-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2352-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2428-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2472-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2520-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2720-284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2760-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2868-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2872-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2928-436-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3024-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3104-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3136-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3460-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3524-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3540-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3560-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3588-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3592-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3664-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3672-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3740-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3768-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3916-101-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4088-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4092-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4120-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4296-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4312-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4340-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4384-454-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4396-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4452-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4552-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4580-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4584-296-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4596-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4716-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4736-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4744-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4772-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4796-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4892-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4908-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4912-127-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4952-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5104-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-478-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5228-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5244-501-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5268-534-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5292-502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5304-514-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5320-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5372-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5380-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5476-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5484-533-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5556-564-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5696-565-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5704-578-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5780-579-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/7588-2193-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/11692-3281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/11916-3300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/11924-3303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12328-3513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16340-3478-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17812-3454-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17936-3585-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17972-3590-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/18044-3179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/18112-3185-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/18192-3591-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads