18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28

Analysis

max time kernel
120s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
Size

468KB
MD5

ab5e34ff08fdefc7b84a12c4d515b640
SHA1

37328f5deb3b0660b79167599e5923e903b65e0e
SHA256

18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28
SHA512

30fa9da7eace33e5418b44c22996ab964239157c696567f9de00c4e0b3710cd48c28f6a53e4ee1e491e7e21033d78b3bcd7d2a0a57a545c4f4312906aa348e72
SSDEEP

3072:Xkz7ogKxjz8UFbYWPz3Tqf8/Eptj7PpgPmHx+lO0Eln0AFo1SDlk:XkfotAUF1PDTqf/BtuEl04o1S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4732	Unicorn-25710.exe
4648	Unicorn-9669.exe
3068	Unicorn-47173.exe
3236	Unicorn-35430.exe
432	Unicorn-12963.exe
4668	Unicorn-10541.exe
4832	Unicorn-39876.exe
556	Unicorn-62726.exe
2780	Unicorn-30054.exe
3676	Unicorn-59389.exe
4840	Unicorn-13717.exe
4384	Unicorn-5165.exe
3104	Unicorn-54101.exe
3972	Unicorn-10188.exe
4420	Unicorn-64572.exe
1224	Unicorn-34470.exe
2192	Unicorn-54485.exe
3628	Unicorn-15549.exe
3544	Unicorn-15549.exe
3968	Unicorn-63598.exe
3740	Unicorn-11060.exe
4856	Unicorn-6156.exe
4952	Unicorn-52093.exe
5088	Unicorn-63028.exe
316	Unicorn-291.exe
4776	Unicorn-41974.exe
1556	Unicorn-54973.exe
660	Unicorn-60924.exe
5084	Unicorn-9301.exe
404	Unicorn-43510.exe
1532	Unicorn-16052.exe
4036	Unicorn-34102.exe
440	Unicorn-57454.exe
1996	Unicorn-57454.exe
1196	Unicorn-57454.exe
628	Unicorn-57454.exe
216	Unicorn-41118.exe
2928	Unicorn-41118.exe
3288	Unicorn-13084.exe
1524	Unicorn-26819.exe
4572	Unicorn-56692.exe
2640	Unicorn-57069.exe
972	Unicorn-62669.exe
1216	Unicorn-396.exe
4944	Unicorn-10867.exe
5008	Unicorn-43038.exe
2452	Unicorn-64013.exe
1268	Unicorn-20262.exe
4860	Unicorn-61678.exe
5032	Unicorn-61413.exe
3884	Unicorn-61678.exe
4116	Unicorn-9140.exe
1288	Unicorn-39212.exe
4972	Unicorn-28238.exe
1464	Unicorn-40852.exe
1264	Unicorn-19878.exe
3208	Unicorn-48532.exe
432	Unicorn-46686.exe
3300	Unicorn-2316.exe
4692	Unicorn-35742.exe
4848	Unicorn-3069.exe
2540	Unicorn-43718.exe
3200	Unicorn-43718.exe
1368	Unicorn-11045.exe

Program crash 30 IoCs

pid	pid_target	Process	procid_target
3060	3068	WerFault.exe	88
4416	432	WerFault.exe	91
4960	4840	WerFault.exe	99
4296	3972	WerFault.exe	100
1944	1524	WerFault.exe	139
1336	1288	WerFault.exe	151
5140	3008	WerFault.exe	179
1400	2452	WerFault.exe	146
7284	3968	WerFault.exe	109
7476	660	WerFault.exe	128
7688	4500	WerFault.exe	249
7264	1464	WerFault.exe	154
7852	432	WerFault.exe	157
7908	5224	WerFault.exe	224
9188	216	WerFault.exe	136
9480	5368	WerFault.exe	200
9432	7576	WerFault.exe	372
8624	7464	WerFault.exe	371
6480	5532	WerFault.exe	211
11248	5380	WerFault.exe	201
12656	7276	WerFault.exe	456
15232	6240	WerFault.exe	273
14516	7732	WerFault.exe	341
13536	3032	WerFault.exe	221
5260	7212	WerFault.exe	389
14708	3968	WerFault.exe	452
14404	8972	WerFault.exe	539
5536	9376	WerFault.exe	510
7956	4204	Process not Found	426
16300	9148	Process not Found	535

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12948.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	9608	dwm.exe
Token: SeChangeNotifyPrivilege	9608	dwm.exe
Token: 33	9608	dwm.exe
Token: SeIncBasePriorityPrivilege	9608	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
4732	Unicorn-25710.exe
3068	Unicorn-47173.exe
4648	Unicorn-9669.exe
4668	Unicorn-10541.exe
3236	Unicorn-35430.exe
4832	Unicorn-39876.exe
432	Unicorn-12963.exe
556	Unicorn-62726.exe
3972	Unicorn-10188.exe
4384	Unicorn-5165.exe
2780	Unicorn-30054.exe
3104	Unicorn-54101.exe
4840	Unicorn-13717.exe
4420	Unicorn-64572.exe
3676	Unicorn-59389.exe
1224	Unicorn-34470.exe
2192	Unicorn-54485.exe
3628	Unicorn-15549.exe
3544	Unicorn-15549.exe
3968	Unicorn-63598.exe
4856	Unicorn-6156.exe
4952	Unicorn-52093.exe
316	Unicorn-291.exe
3740	Unicorn-11060.exe
5088	Unicorn-63028.exe
4776	Unicorn-41974.exe
1556	Unicorn-54973.exe
5084	Unicorn-9301.exe
660	Unicorn-60924.exe
404	Unicorn-43510.exe
1532	Unicorn-16052.exe
4036	Unicorn-34102.exe
1996	Unicorn-57454.exe
628	Unicorn-57454.exe
440	Unicorn-57454.exe
1196	Unicorn-57454.exe
216	Unicorn-41118.exe
2928	Unicorn-41118.exe
3288	Unicorn-13084.exe
1524	Unicorn-26819.exe
4572	Unicorn-56692.exe
4944	Unicorn-10867.exe
1216	Unicorn-396.exe
2640	Unicorn-57069.exe
5008	Unicorn-43038.exe
2452	Unicorn-64013.exe
1268	Unicorn-20262.exe
4860	Unicorn-61678.exe
5032	Unicorn-61413.exe
3884	Unicorn-61678.exe
1288	Unicorn-39212.exe
4972	Unicorn-28238.exe
1464	Unicorn-40852.exe
1264	Unicorn-19878.exe
3208	Unicorn-48532.exe
432	Unicorn-46686.exe
3300	Unicorn-2316.exe
4692	Unicorn-35742.exe
4848	Unicorn-3069.exe
2540	Unicorn-43718.exe
3200	Unicorn-43718.exe
3576	Unicorn-57293.exe
4992	Unicorn-3453.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 4732	5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	84
PID 5040 wrote to memory of 4732	5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	84
PID 5040 wrote to memory of 4732	5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	84
PID 4732 wrote to memory of 4648	4732	Unicorn-25710.exe	87
PID 4732 wrote to memory of 4648	4732	Unicorn-25710.exe	87
PID 4732 wrote to memory of 4648	4732	Unicorn-25710.exe	87
PID 5040 wrote to memory of 3068	5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	88
PID 5040 wrote to memory of 3068	5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	88
PID 5040 wrote to memory of 3068	5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	88
PID 3068 wrote to memory of 3236	3068	Unicorn-47173.exe	90
PID 3068 wrote to memory of 3236	3068	Unicorn-47173.exe	90
PID 3068 wrote to memory of 3236	3068	Unicorn-47173.exe	90
PID 5040 wrote to memory of 432	5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	91
PID 5040 wrote to memory of 432	5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	91
PID 5040 wrote to memory of 432	5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	91
PID 4648 wrote to memory of 4668	4648	Unicorn-9669.exe	92
PID 4648 wrote to memory of 4668	4648	Unicorn-9669.exe	92
PID 4648 wrote to memory of 4668	4648	Unicorn-9669.exe	92
PID 4732 wrote to memory of 4832	4732	Unicorn-25710.exe	93
PID 4732 wrote to memory of 4832	4732	Unicorn-25710.exe	93
PID 4732 wrote to memory of 4832	4732	Unicorn-25710.exe	93
PID 4668 wrote to memory of 556	4668	Unicorn-10541.exe	96
PID 4668 wrote to memory of 556	4668	Unicorn-10541.exe	96
PID 4668 wrote to memory of 556	4668	Unicorn-10541.exe	96
PID 3236 wrote to memory of 2780	3236	Unicorn-35430.exe	97
PID 3236 wrote to memory of 2780	3236	Unicorn-35430.exe	97
PID 3236 wrote to memory of 2780	3236	Unicorn-35430.exe	97
PID 3068 wrote to memory of 3676	3068	Unicorn-47173.exe	98
PID 3068 wrote to memory of 3676	3068	Unicorn-47173.exe	98
PID 3068 wrote to memory of 3676	3068	Unicorn-47173.exe	98
PID 4832 wrote to memory of 4840	4832	Unicorn-39876.exe	99
PID 4832 wrote to memory of 4840	4832	Unicorn-39876.exe	99
PID 4832 wrote to memory of 4840	4832	Unicorn-39876.exe	99
PID 432 wrote to memory of 4384	432	Unicorn-12963.exe	101
PID 432 wrote to memory of 4384	432	Unicorn-12963.exe	101
PID 432 wrote to memory of 4384	432	Unicorn-12963.exe	101
PID 5040 wrote to memory of 3104	5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	102
PID 5040 wrote to memory of 3104	5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	102
PID 5040 wrote to memory of 3104	5040	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	102
PID 4648 wrote to memory of 3972	4648	Unicorn-9669.exe	100
PID 4648 wrote to memory of 3972	4648	Unicorn-9669.exe	100
PID 4648 wrote to memory of 3972	4648	Unicorn-9669.exe	100
PID 4732 wrote to memory of 4420	4732	Unicorn-25710.exe	103
PID 4732 wrote to memory of 4420	4732	Unicorn-25710.exe	103
PID 4732 wrote to memory of 4420	4732	Unicorn-25710.exe	103
PID 556 wrote to memory of 1224	556	Unicorn-62726.exe	104
PID 556 wrote to memory of 1224	556	Unicorn-62726.exe	104
PID 556 wrote to memory of 1224	556	Unicorn-62726.exe	104
PID 4668 wrote to memory of 2192	4668	Unicorn-10541.exe	105
PID 4668 wrote to memory of 2192	4668	Unicorn-10541.exe	105
PID 4668 wrote to memory of 2192	4668	Unicorn-10541.exe	105
PID 2780 wrote to memory of 3544	2780	Unicorn-30054.exe	106
PID 2780 wrote to memory of 3544	2780	Unicorn-30054.exe	106
PID 2780 wrote to memory of 3544	2780	Unicorn-30054.exe	106
PID 3104 wrote to memory of 3628	3104	Unicorn-54101.exe	107
PID 3104 wrote to memory of 3628	3104	Unicorn-54101.exe	107
PID 3104 wrote to memory of 3628	3104	Unicorn-54101.exe	107
PID 4384 wrote to memory of 3968	4384	Unicorn-5165.exe	109
PID 4384 wrote to memory of 3968	4384	Unicorn-5165.exe	109
PID 4384 wrote to memory of 3968	4384	Unicorn-5165.exe	109
PID 3236 wrote to memory of 3740	3236	Unicorn-35430.exe	110
PID 3236 wrote to memory of 3740	3236	Unicorn-35430.exe	110
PID 3236 wrote to memory of 3740	3236	Unicorn-35430.exe	110
PID 4732 wrote to memory of 4856	4732	Unicorn-25710.exe	114

C:\Users\Admin\AppData\Local\Temp\18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
"C:\Users\Admin\AppData\Local\Temp\18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        9⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
        11⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        12⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        13⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        12⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27371.exe
        11⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
        11⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        10⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        11⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        10⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
        9⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        9⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        10⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        9⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
        9⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3477.exe
        10⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        11⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        11⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
        9⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        9⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        9⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12221.exe
        9⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        10⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20134.exe
        11⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        10⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56093.exe
        9⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        8⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        9⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        9⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64013.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        8⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        10⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        11⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
        12⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        11⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        10⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33030.exe
        11⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        10⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 752
        8⤵
        Program crash
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
        8⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        8⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        9⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
        9⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        8⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 628
        8⤵
        Program crash
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64406.exe
        7⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30454.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        9⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        9⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        10⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        8⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        8⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        9⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        9⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
        8⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        8⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 720
        7⤵
        Program crash
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        8⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 604
        9⤵
        Program crash
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        8⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        8⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
        6⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5692.exe
        6⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        7⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
        7⤵
        
        PID:456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        9⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        10⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        12⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        11⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
        9⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        9⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        9⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        9⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
        8⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
        8⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
        8⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53949.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        8⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        7⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36188.exe
        7⤵
        
        PID:10832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
        6⤵
        Executes dropped EXE
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        8⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
        10⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        10⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        9⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        8⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        9⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        8⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
        8⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23747.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        8⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 628
        7⤵
        Program crash
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33782.exe
        8⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38668.exe
        6⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
        7⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47804.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        6⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        9⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        8⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        8⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59044.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19958.exe
        8⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13524.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        7⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42492.exe
        6⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
        9⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
        10⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        8⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30844.exe
        8⤵
        
        PID:6496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 748
        6⤵
        Program crash
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30670.exe
        8⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
        9⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 648
        9⤵
        Program crash
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        8⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        8⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
        8⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        7⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
        7⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
        9⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        7⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        6⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        7⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        7⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        6⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
        5⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        5⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        6⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59571.exe
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1796.exe
        5⤵
        
        PID:13004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 720
        5⤵
        Program crash
        
        PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        7⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        8⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        8⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        8⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
        6⤵
        
        PID:11464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
        6⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        5⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        7⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        8⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        8⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        7⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37036.exe
        6⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        7⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        6⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41006.exe
        7⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        6⤵
        
        PID:14764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-396.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52270.exe
        5⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        6⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        8⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        8⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
        8⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7748.exe
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        7⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        7⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
        6⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        7⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        6⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        7⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        7⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1500.exe
        6⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        6⤵
        
        PID:468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42188.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        6⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        8⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        8⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        7⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        7⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
        6⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-637.exe
        7⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        6⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        7⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        6⤵
        
        PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        5⤵
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        6⤵
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64244.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28333.exe
        5⤵
        
        PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        6⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        5⤵
        
        PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
      4⤵
      PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
      4⤵
      PID:10944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
      4⤵
      PID:8780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 632
        5⤵
        Program crash
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3069.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        8⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        8⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        8⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        8⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        8⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        7⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29667.exe
        7⤵
        
        PID:14744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        9⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        9⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        8⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        8⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        7⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        7⤵
        
        PID:15012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        6⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
        7⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63757.exe
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        7⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        5⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 648
        7⤵
        Program crash
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        7⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
        8⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        6⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        7⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        6⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        6⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        6⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        5⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        6⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        5⤵
        
        PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 632
        5⤵
        Program crash
        
        PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        5⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61894.exe
        6⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
        8⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 636
        8⤵
        Program crash
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
        7⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        5⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        6⤵
        
        PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38356.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        5⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        6⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45086.exe
        8⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        9⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
        9⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9668.exe
        8⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        8⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        8⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
        7⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49454.exe
        9⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        7⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54476.exe
        7⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
        6⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        7⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5507.exe
        7⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
        6⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11899.exe
        6⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        5⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        5⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        5⤵
        
        PID:10608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe
      4⤵
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        6⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        8⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        7⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        6⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
        6⤵
        
        PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
        5⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
        5⤵
        
        PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        5⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
        6⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
      4⤵
      PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        5⤵
        
        PID:9604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4859.exe
      4⤵
      PID:11384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
      4⤵
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        6⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        7⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
        6⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        5⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
      4⤵
      PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exe
        5⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51158.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        7⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        6⤵
        
        PID:12548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
      4⤵
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        5⤵
        
        PID:10976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
    3⤵
    PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3477.exe
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        6⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        5⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        5⤵
        
        PID:9404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
      4⤵
      PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
      4⤵
      PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
      4⤵
      PID:14756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
    3⤵
    PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6589.exe
        5⤵
        
        PID:9824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      4⤵
      PID:10536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1611.exe
    3⤵
    PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
      4⤵
      PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        5⤵
        
        PID:8300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
    3⤵
    PID:11472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
    3⤵
    PID:11208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46598.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        9⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        9⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        10⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        10⤵
        
        PID:13792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 748
        8⤵
        Program crash
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        8⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        8⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        8⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
        7⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        9⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
        7⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        8⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64340.exe
        7⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
        7⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31350.exe
        9⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        10⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
        8⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 724
        8⤵
        Program crash
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        8⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        8⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 616
        8⤵
        Program crash
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        7⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44510.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        8⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50509.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
        7⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
        6⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        7⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        6⤵
        Executes dropped EXE
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46318.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
        8⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
        9⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        9⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
        8⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        7⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
        8⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        9⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        8⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        8⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        8⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        8⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33317.exe
        7⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47452.exe
        7⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49238.exe
        8⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        8⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60573.exe
        7⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        6⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
        5⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        6⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33310.exe
        9⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        7⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        7⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        6⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
        6⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        6⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        8⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
        5⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe
        6⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        6⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37302.exe
        5⤵
        
        PID:14772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22606.exe
        9⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        10⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        10⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
        9⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        9⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31350.exe
        8⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        9⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        8⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        8⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        7⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        7⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        7⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        8⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        8⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        7⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 616
        8⤵
        Program crash
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        7⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        7⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25678.exe
        7⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
        7⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64821.exe
        6⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3605.exe
        7⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
        6⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        6⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        8⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
        9⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        7⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        7⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41156.exe
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56750.exe
        7⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        7⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        6⤵
        
        PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15035.exe
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        5⤵
        
        PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
        5⤵
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
        6⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60877.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        8⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        9⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        7⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
        5⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        6⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        5⤵
        
        PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
      4⤵
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        7⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        6⤵
        
        PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44510.exe
        5⤵
        
        PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
      4⤵
      PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
      4⤵
      PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
      4⤵
      PID:14328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59389.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3676
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 760
    3⤵
    - Program crash
    PID:3060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41118.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        8⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        9⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5813.exe
        10⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        9⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        9⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        8⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        9⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
        9⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
        8⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        8⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        8⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
        8⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        7⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        6⤵
        
        PID:6528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 216 -s 732
        6⤵
        Program crash
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        5⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16718.exe
        6⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 632
        7⤵
        Program crash
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        6⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        7⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37540.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 656
        5⤵
        Program crash
        
        PID:7284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
      4⤵
      Executes dropped EXE
      PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13467.exe
      4⤵
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29798.exe
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        8⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        6⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        5⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        6⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        7⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
        6⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
        5⤵
        
        PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
      4⤵
      PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        5⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        6⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        6⤵
        
        PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
      4⤵
      PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        5⤵
        
        PID:10780
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 716
    3⤵
    - Program crash
    PID:4416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54101.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54101.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63894.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18782.exe
        8⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        8⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
        7⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
        8⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe
        7⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        8⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        6⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        7⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56004.exe
        6⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        7⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        8⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        8⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
        7⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42364.exe
        7⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        7⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
        7⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        6⤵
        
        PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63894.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
        7⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        8⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        7⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
        7⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        6⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
        7⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        6⤵
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        6⤵
        
        PID:2640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 632
        5⤵
        Program crash
        
        PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        5⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
        5⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        5⤵
        
        PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10596.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
        5⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
        6⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        6⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        5⤵
        
        PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64692.exe
      4⤵
      PID:8456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        7⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50582.exe
        8⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        9⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49165.exe
        7⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 608
        7⤵
        Program crash
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33310.exe
        7⤵
        
        PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1844.exe
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
        6⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
        6⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16979.exe
        5⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
        5⤵
        
        PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
      4⤵
      PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
      4⤵
      PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
      4⤵
      PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38404.exe
      4⤵
      PID:15240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
        7⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        7⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        6⤵
        
        PID:12868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 636
        5⤵
        Program crash
        
        PID:9480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
    3⤵
    PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        5⤵
        
        PID:7464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 632
        6⤵
        Program crash
        
        PID:8624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
    3⤵
    PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55174.exe
      4⤵
      PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
        5⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        5⤵
        
        PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      4⤵
      PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
      4⤵
      PID:7824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22412.exe
    3⤵
    PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
      4⤵
      PID:10916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
    3⤵
    PID:12056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
    3⤵
    PID:8032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        5⤵
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        6⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
        7⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        5⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        5⤵
        
        PID:6436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 688
        5⤵
        Program crash
        
        PID:13536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
    3⤵
    PID:3008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 608
      4⤵
      Program crash
      PID:5140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
    3⤵
    PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        5⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        5⤵
        
        PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      4⤵
      PID:10504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30893.exe
    3⤵
    PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61454.exe
      4⤵
      PID:12172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
      4⤵
      PID:13716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
    3⤵
    PID:11996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
    3⤵
    PID:7176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57069.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57069.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3477.exe
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        6⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        7⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
        6⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        5⤵
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        5⤵
        
        PID:13352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
      4⤵
      PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        5⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
        6⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
      4⤵
      PID:11332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
    3⤵
    PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
      4⤵
      PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
      4⤵
      PID:12856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
      4⤵
      PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
      4⤵
      PID:9232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
  2⤵
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
    3⤵
    PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
      4⤵
      PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        5⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
        6⤵
        
        PID:12640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 648
        5⤵
        Program crash
        
        PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
      4⤵
      PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
      4⤵
      PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
      4⤵
      PID:13704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
    3⤵
    PID:7404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
      4⤵
      PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
      4⤵
      PID:13420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
  2⤵
  PID:6508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
    3⤵
    PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe
      4⤵
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
      4⤵
      PID:13384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
    3⤵
    PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39958.exe
      4⤵
      PID:8048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
  2⤵
  PID:7708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
    3⤵
    PID:3544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
    3⤵
    PID:14820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
  2⤵
  PID:10368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
    3⤵
    PID:14848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
  2⤵
  PID:14780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 432 -ip 432
1⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3068 -ip 3068
1⤵
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4840 -ip 4840
1⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4420 -ip 4420
1⤵
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 3972 -ip 3972
1⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3676 -ip 3676
1⤵
PID:1836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1524 -ip 1524
1⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1288 -ip 1288
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3008 -ip 3008
1⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 316 -ip 316
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 3968 -ip 3968
1⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 660 -ip 660
1⤵
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6060 -ip 6060
1⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2452 -ip 2452
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5032 -ip 5032
1⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 3208 -ip 3208
1⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3884 -ip 3884
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3200 -ip 3200
1⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1264 -ip 1264
1⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 1556 -ip 1556
1⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1176 -ip 1176
1⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 404 -ip 404
1⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1196 -ip 1196
1⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1464 -ip 1464
1⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 432 -ip 432
1⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4116 -ip 4116
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5864 -ip 5864
1⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 4500 -ip 4500
1⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5488 -ip 5488
1⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5296 -ip 5296
1⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5196 -ip 5196
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5224 -ip 5224
1⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3916 -ip 3916
1⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5152 -ip 5152
1⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5744 -ip 5744
1⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5712 -ip 5712
1⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6480 -ip 6480
1⤵
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6180 -ip 6180
1⤵
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6904 -ip 6904
1⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6248 -ip 6248
1⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6420 -ip 6420
1⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6692 -ip 6692
1⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5128 -ip 5128
1⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5972 -ip 5972
1⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6288 -ip 6288
1⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5760 -ip 5760
1⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6148 -ip 6148
1⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3576 -ip 3576
1⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6568 -ip 6568
1⤵
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4176 -ip 4176
1⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6856 -ip 6856
1⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 6208 -ip 6208
1⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6040 -ip 6040
1⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6312 -ip 6312
1⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6824 -ip 6824
1⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5360 -ip 5360
1⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2468 -ip 2468
1⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 1140 -ip 1140
1⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5392 -ip 5392
1⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 4832 -ip 4832
1⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6544 -ip 6544
1⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6528 -ip 6528
1⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 216 -ip 216
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5776 -ip 5776
1⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5368 -ip 5368
1⤵
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7576 -ip 7576
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7464 -ip 7464
1⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 7840 -ip 7840
1⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5540 -ip 5540
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6500 -ip 6500
1⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6264 -ip 6264
1⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6188 -ip 6188
1⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5752 -ip 5752
1⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6444 -ip 6444
1⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 4512 -ip 4512
1⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6436 -ip 6436
1⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7864 -ip 7864
1⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 8532 -ip 8532
1⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6464 -ip 6464
1⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 7628 -ip 7628
1⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5964 -ip 5964
1⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 3008 -ip 3008
1⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5844 -ip 5844
1⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 7480 -ip 7480
1⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5308 -ip 5308
1⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 4572 -ip 4572
1⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 1216 -ip 1216
1⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2540 -ip 2540
1⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 3144 -ip 3144
1⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 2588 -ip 2588
1⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2508 -ip 2508
1⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 7036 -ip 7036
1⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 4384 -ip 4384
1⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3628 -ip 3628
1⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3544 -ip 3544
1⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5532 -ip 5532
1⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5380 -ip 5380
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 556 -ip 556
1⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 4860 -ip 4860
1⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4776 -ip 4776
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 1996 -ip 1996
1⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5476 -ip 5476
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6452 -ip 6452
1⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6876 -ip 6876
1⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5204 -ip 5204
1⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 3972 -ip 3972
1⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6392 -ip 6392
1⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6552 -ip 6552
1⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2640 -ip 2640
1⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 7188 -ip 7188
1⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 8472 -ip 8472
1⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 8400 -ip 8400
1⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 8456 -ip 8456
1⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 8228 -ip 8228
1⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6496 -ip 6496
1⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6024 -ip 6024
1⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 7276 -ip 7276
1⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7600 -ip 7600
1⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 8464 -ip 8464
1⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 7748 -ip 7748
1⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 8008 -ip 8008
1⤵
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7732 -ip 7732
1⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 8028 -ip 8028
1⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7760 -ip 7760
1⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 8040 -ip 8040
1⤵
PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 8016 -ip 8016
1⤵
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7788 -ip 7788
1⤵
PID:13532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 8060 -ip 8060
1⤵
PID:13736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6240 -ip 6240
1⤵
PID:14508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 1476 -ip 1476
1⤵
PID:14496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5472 -ip 5472
1⤵
PID:14624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6376 -ip 6376
1⤵
PID:14968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 8488 -ip 8488
1⤵
PID:15140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 8368 -ip 8368
1⤵
PID:15200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 8416 -ip 8416
1⤵
PID:15220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 1196 -ip 1196
1⤵
PID:13884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6416 -ip 6416
1⤵
PID:14048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 4992 -ip 4992
1⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 2728 -ip 2728
1⤵
PID:14264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 1188 -ip 1188
1⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6520 -ip 6520
1⤵
PID:14204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6220 -ip 6220
1⤵
PID:14240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6304 -ip 6304
1⤵
PID:14276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 9180 -ip 9180
1⤵
PID:14296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5336 -ip 5336
1⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6348 -ip 6348
1⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6028 -ip 6028
1⤵
PID:14400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5664 -ip 5664
1⤵
PID:14836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6428 -ip 6428
1⤵
PID:13504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6508 -ip 6508
1⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2260 -ip 2260
1⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 2928 -ip 2928
1⤵
PID:15244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4008 -ip 4008
1⤵
PID:15316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3656 -ip 3656
1⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 384 -ip 384
1⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5316 -ip 5316
1⤵
PID:14720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1992 -ip 1992
1⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 12088 -ip 12088
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6296 -ip 6296
1⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3032 -ip 3032
1⤵
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5416 -ip 5416
1⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 8504 -ip 8504
1⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6184 -ip 6184
1⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 8572 -ip 8572
1⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4940 -ip 4940
1⤵
PID:2268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 7244 -ip 7244
1⤵
PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 7456 -ip 7456
1⤵
PID:1188

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:9608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe

Filesize
468KB

MD5
05ee34b8bb015b2e1a23a98cf6bc302d

SHA1
2d1fcdb8962d1980c2e6e126ea959399ccf4f12e

SHA256
930d39845245d41e36baccbcaa42cb9fb646f1e72fad4d33b4d3a8046aa52f7a

SHA512
4a22383700bb527c0bff8698c9f2fcacf36da95658e7e67a47906eef5b52d4bd3debddc925e927e281672b8e7a01e28748338f231e07345a08277b11dca5526d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe

Filesize
468KB

MD5
1861819e4e238826ad6040e8350c0f84

SHA1
282cf85c06100a919f6d532a151d40662c3a9fe4

SHA256
1e374ef0b1a169ca925d8a81ba27436164876e23968a781ad1ba84826223a552

SHA512
2810f6b0dcf30af4cdf406c7a923286d33785240924c28991cb9e458711b2e982112b94fbaffa4fa79caf975e552c4bdb6cff175b53224c4e6896d57796aa1d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe

Filesize
468KB

MD5
38a0df1b8e57e383b0b315a40425a9c4

SHA1
c0494cf12f70155bd471031f42117d26145f1f2d

SHA256
d58c1624be6fc82540c1a4723a01122b5cc4bd3c258e25d59b1be7f4c5b43422

SHA512
6983c25be8e943db48f13a869c39114f38ed4af4c50ba9f977a002a3d9db88282a8ef8a29ae70fbdb3f9c7914047954d90231f3076385dc3b3b97f74ee6b9270

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe

Filesize
468KB

MD5
a5ea22da03c7abc61b979e8cb3dc7adc

SHA1
dd4fa50c5775aa1f61e8e54517646406476df73b

SHA256
3a70e8071bbc362500c6f160f594e64a1125631c325b895c9650f7d7f66821b3

SHA512
9c84c9914bf12b39fa7ee1b11c5550ae7e3b74187307f6378facb402e68ede06506b749770b91d0ceea698ebc368168a75ba282cd82a9cc8c65ee73cb868a1b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe

Filesize
468KB

MD5
df9029020e4f9b4bfeee4ad30968b78f

SHA1
32a65aa3c48adaa7d4bbd188601061f962a27c8d

SHA256
89f4fb176017215a78764c8300274a496036200a9156ea9b7abbeebc445b8e94

SHA512
3ae255fb0426a52b39e8c3a29daf1e84987bc5cc1b0e58c08f968dab4c9d5aa8a89c00ed7074382b20011bb4518f054db843fa05daa733c054b613e27460838b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe

Filesize
468KB

MD5
33a0b972dcd14246235cd09663483f10

SHA1
d589c9d3e2b9dbced4be33c38df378ad16c629fb

SHA256
4571dee5fa18d1ce1b509416b2599655fe5f7f313dd84567cf798d0b86a6aefb

SHA512
8c00394bafc82e0a5c4d698b15292e9f0abf8f6ed156612a6fa76680159aec1e712d052632ec6b1c1ce023ba97e025fdc57800c3af120045715885cd5d815946

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe

Filesize
468KB

MD5
e5c607ca937dbc0db63d9a86e7e1543d

SHA1
08eb6ad11aef23e8e8f24458eacd89800110ea08

SHA256
359209f16fcc3c7ec4de02a6f4e618de02dc5b406a2a4a2d9f8c3765ac39ff30

SHA512
c2b4f37dfd69885908fdf4393ec85d8ecb7a65b222f674ae9a4dc077c589e1fb2248a858d6daf891895f877a2c893811936db9593efefd4ab038a44f812548af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe

Filesize
468KB

MD5
4c52c4299360da05ccef9d9d682521a0

SHA1
152bb127a43b537c292f4a12cc22f0b92b2e7652

SHA256
b5447f0c401f66fe97cdb11fcc44e4a8f6d3945d819c1b46995f20d0aa299935

SHA512
9a4b1cc94e53f2a591b202f36f3d45e236115e92ee791f58a82746e25ca5152aa674f1ae26007b7c12c84ef574ca24ca439eb7f26f26241126e7539ae93504a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe

Filesize
468KB

MD5
eba24a440ae91e6201032429d0cc93ae

SHA1
75f064dcc02f35c79a7e30518fd906cc50c7a4d3

SHA256
4745195b79cc1ac1ff8c62c2d0162932f0ab980f8021bd09907b62456148186a

SHA512
151cf3e42225f71c4c684c97fbd36e06981baa1c2a287ecbc0324314492694048e94871613f3ad775072932777ace447cfc3b26fb5b015010b1997ed6adb7e8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe

Filesize
468KB

MD5
5c42fd04af03e42a1a56e624323cc914

SHA1
bc79c058f5ab3db9f390cb7588df2a4813ddfe80

SHA256
e9b4c907a055b29cbfafccc3b2297dd09dd56e3cc103d9bd442b2c86f740295a

SHA512
3e1b3dc71ddfeb0b900b37e1391d663a3c49e3de888468a18d389cedefea6c1b5d6b27ec2902e1f3f08a520ccef861218365a8e12a652ba9be4c551862faf50f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe

Filesize
468KB

MD5
d837c639ceb9b50d7a1a7b1120dfb054

SHA1
f1e6321b545db6bbe7f8f3b4fa50e464e8404fbc

SHA256
ec2832596e4a5562268cdd8db8ccc68d5620a526474ebebaff62dcc97dba19b2

SHA512
81d7970fbafcb5c23eb7ca845a1c395cdf23ef4233a15b9f66392742617cae51a1db504d3dde4d022858f5bab0f1f935420db2296585f49fa63aaddf059fe65e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe

Filesize
468KB

MD5
4ffe30ff2162c419175f7fb0010d1144

SHA1
2fa78cfb3a06cde743e624c97e3bebcc351a242e

SHA256
89d5387a071a7f0264d1609e36fa8f862767c1132c3b07737f528d2a7f3778d7

SHA512
f71c7009573bbf4ec5d211e599849815482c3db2dcc0e2f98e9c33620245cbbe486c311d24115d266b41fa30beafa4b3d6f42b39c70561ad768d9a9a7ea533ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe

Filesize
468KB

MD5
e04b29f8fe6b457c15cff05a9cb1a2dc

SHA1
31d112e6a49f8e8c72ed8606c36d00b923f2351b

SHA256
73f5a8222d5b82a7ad9d551e26e742ff613f892775953739405811bb643913d4

SHA512
7316e780db1181019d8a1311c472581eaf4233f0257ee8147fff0865c1890a736f3f65782e4e4f90e58715e5974621d191f75180f865b3dc9bce6721aa878112

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe

Filesize
468KB

MD5
b304caa472b90f971796025a3b4911ed

SHA1
368c024c8b04b5cf16ac1d448b563e6566899905

SHA256
81e579082f985adbeac01464a71ac3064feef23ad22f0e873fa3193761136a82

SHA512
c75518fcbca86bc80c666365daa92149531c7f910d439dae04d57aeab4150d7e649392f00b4ddbfa7e73090c790e9a9ba05e0d7f0828439813a95f529f4ac3c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe

Filesize
468KB

MD5
4459f76ae1fe7921124adf311d90d55a

SHA1
80e19f7e0f40aa45f78a2bb51ff01e0ed6e33f10

SHA256
9af1fafe77d8f57c75b37c92bb0ff012329a482fc1cbdb9af453fa8f5c5903a9

SHA512
ec41d13c28281d9b0940a4f40bb6f87465266214472fc5a4b59b7b9da1e1497fb453a3213ff08169f7b56a74340a22b0cd96de86d800eb2cebc54e5ef22b39e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe

Filesize
468KB

MD5
4819675014871c69aa4cea0473e1376e

SHA1
ac709628858e2d8cec73c0f246ca54852ea950c1

SHA256
859b7e665006426304e6e3ce89c6f39bb48d936e362d1ba5e12283026a8949e5

SHA512
127138e7bd617d8a2445baeebb9516e96706915127578087da1725af5409186cd07d464f1d9952695c76e17c41da2f7707eb19870299a0fe2a6c741b4ecd0b45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe

Filesize
468KB

MD5
62d72591ee7a95c4b147110b18c087dd

SHA1
adafaa577af235eae6fe8484e81c03230325c3fa

SHA256
2452365961199d50bd15e8e88b1d072df4970ddf39eae754cdb111338e4fd218

SHA512
0759ad4ddb6097e8778ff75721e8bdb94866cfc952e4dffa8999754bf6ae05f2635950e2d016e77889fe01e4cac230dcd2886d0770824b8d9e26c5ccc1dae316

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe

Filesize
468KB

MD5
eeae2604855f81d15b8e7ef24fa8afff

SHA1
0d95188c991121b2eb27cd03bbf82d400e139f34

SHA256
9dd3bea8296a52993cc4eb0bfd1e0f5d82038600e44e3cf33c9733f8b5334458

SHA512
777d2fce9bd5eb7fcf62f17f7b505b1b38212379eb397fe39de33128e3a3402c7a6fd47cd380dc828d199159135cf0082cc7aa40707dd928505832b0a0dcdfed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe

Filesize
468KB

MD5
42e5f74fd9282b6a6dc5368687bf5fd6

SHA1
333c8f3afce2ad91531dfc807781547e0f03dad7

SHA256
5c0ee342ae2960ddd5c831379629484d60dd1b5fad62a8f17d44a333e8d0a8f1

SHA512
c98b07a7aa0a42d8495f4a778365da789713cc1d212df0a908a84afab65168fd1debae947b7f653b0373b4ba39e7a3254deb67f05bdd28f8c4014bac965c00ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe

Filesize
468KB

MD5
c6398e75690df5925a0149d5a97fa4c4

SHA1
f0981a8315d049f3acd1181cec5c8cbcb22128b9

SHA256
0ebfb161f407912ed74db3ce756eba126857029e2871e53cb8b11bfa30478d5e

SHA512
66b0431f1926a005a26cd63a4d5e2f90ef98afa72554d64ea1bb6943ef43407eae742645b2149f7b0d53ab31024e2e420d5511ef9ac3c916334d8454ef42228c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe

Filesize
468KB

MD5
f9f3bd0029e737d693c25542c1ce5cc5

SHA1
6c2c2a3f61b185ba399cdda3c12b6bb523edaa5b

SHA256
0841a76a35d64d3c6fdfa681153851da5380be4a8d6b0efffb2d623a7376d91a

SHA512
8aff7ae83857b93a4d844c9654c7dcd299f763901bd996716ea20a827d327dc8e71bddb03bf141dc2fe26564045d3fbfb6f77310b526b49b9b36d96911e2d0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54101.exe

Filesize
468KB

MD5
309d383a3c57673300df31b8d2acfbab

SHA1
ad35693ee06a61a10b078f0c87cc0772149e2e51

SHA256
2373408440e12ee4f8790c2e7478d9b7d9f3995a6c28aa11535d3d9dc8cdb35f

SHA512
cf2fb440551fb1ce5d8dca227030e9b02bd8f4ab2e5e1e0624c7cbea4729c7563e2d2c1ff302255c6ade637b9c6855c95e46ed1a2c0b4a3a4802dc0207f06de7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe

Filesize
468KB

MD5
64d468caf502d51b56b96dfdaff02f21

SHA1
3a09f996dea9203ad912004355b17d76251dacc8

SHA256
8ff17129f0f3c27c1445e2475aaee73e4b5d72e32922a9bbbe2a14a3b9e03225

SHA512
ea0e485bc2d9f7a51b881552b12a73367e54019eea55d4e8c6d5808982e60027030406e57e7c7d2c8b819a8dbebbec6f004cc4fdd72347b3595f32ec29adff68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe

Filesize
468KB

MD5
23cd9ec2c11b873c4fdd40a4bd74be58

SHA1
33f6aa1b00c64e5350b56726decdd444d9c1feaa

SHA256
44cf85d486320ed1fb7164b654fce4d61d972535b6c41a43c29fe8a04d451973

SHA512
7f0f846e8af8461f5fa1af2d90f7bd67712102a8cd2ba8bc8d31f5c30cbff260d3888dded27be047be96e69f642edbb7cb850279dd04339c75bbd42a0ac21c6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59389.exe

Filesize
468KB

MD5
5e8c3ec1a7d2fa7b9ada47b0a16eb12f

SHA1
8547ec3d89e5c9d1b8b0bbe953506c142ac86215

SHA256
b94c244cdf68d422456c5905fe2748286e46a637abe00a9ab547a589de6f037f

SHA512
7df7c55b07f9d06e2c9d67fe699390611fad6c846e498f5a8ca00ff7c609b66144ad7ba1a0fbbc12e0c238d8619f6e6502f7a7b773b3656aa3c6a1f5f7920342

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe

Filesize
468KB

MD5
16befd9f65e544d5213c68636a33eb51

SHA1
f236b6e56292e7661085c3a6e5549a816199e1c6

SHA256
e321b9709fa1fa733fda923aa2ce329a4a91f25f8f895d0f5564ae4952f9f22c

SHA512
fd9042c5c211c1854087953e1b588367fdc6e163528e6566f5019862f6044ecd05d472dca0787f1215484a7b365319013aa73e14afea5eed3471fa43e3bb8c3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe

Filesize
468KB

MD5
a2928d0708cbd212b330f5167c495b00

SHA1
749e193f046766ef4f02c667a7784bb3d04fb185

SHA256
95ecae5cb3a672381157b37fb262ec8180599518a1145807bac32e482f7a7f3a

SHA512
759523d56f55425f785e5dbc555d0db352deffa809d987dbcc9ee83ae18307fe23f61de7bc5235a4834816dc818ba4c882d5142395e44019b1920a6e16a2165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe

Filesize
468KB

MD5
319325e6b7701df1405b3fbc67d4900d

SHA1
3c1884b74e63e94aa7db405e42b58e09f7174abb

SHA256
98ccee67a9fff6bffd37676a86f2f20bb201f8b5576a00ec23abf1502d8c1267

SHA512
096e0379ac4bad964e6815368eb3f9d02202430e9e3a9c10d36194437092e161fab7fa890c59436096decf6c539683615e11be99b82ac7dad135d4a88146400d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe

Filesize
468KB

MD5
7834e2d47534aee04ab664bb8b9f6f01

SHA1
aed750a562fa6458cce02c3c6822739d0e867c2a

SHA256
6169a5c82c72e692f8707a0df7bcd2e83b245597b7010fb53fc453216e6aade6

SHA512
da13a9e646d9b58c7f30a9e6a455836834219cc2ab2f8f85bce33c103839126e7cba3b0b4bbb49feacf932d681feda3bc418e2bf3345688ae07a822ed288b61c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe

Filesize
468KB

MD5
d7d3b301ea026d32c8a1e83571aa32ec

SHA1
001f1c59afe479c2a13304767820b1b0a5d87d94

SHA256
a52ca734cc80bc9a3d88ce1905fdb8964942a76929c45f388e7e0975e269c15c

SHA512
9717062425438b7dae50f3c0d87aeb5892c0df2ec27c6d15ed29889054bb21474f2daabec5a905c9ff665361a1af03809a976f62577bedaefc95cd7f291c6cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe

Filesize
468KB

MD5
7e9e2e243f66f27c6ef4e52b6ee7eb0d

SHA1
caefc5439e93da2a65706066baf9b5c82c2ab760

SHA256
999fb5f641eb8e72a0de2fb4773ed3c15e0781ad8b68ab1da6e349a21b87674d

SHA512
e713b44b5197a6bffc3140dd3f41b298744ab916d96923c6787fa77639d141df169c0d167cf822398282534711a628c1be90e18e5c8ad4b48047b793520f5706

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe

Filesize
468KB

MD5
3e939a97f14da5534cf642516e85f642

SHA1
4c4b59d34ccea2e5d8b6917e735d9776152f8df5

SHA256
76c221fc24ba1624719d0345df43bd0f5919466c0c993684311c25ff258c12ae

SHA512
5704fbdacc335ca21860c5f0160db20a574f7ef3607b5236eda7bb9707a65b97417552dc34ca0e6ba68f30651226956bfdc6bea16c3dd91a45c4db0f804035da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe

Filesize
468KB

MD5
b415f86514f2160e1f13280a790a1eb7

SHA1
1f88c20f57808fcc01f723239efcf520b49e36de

SHA256
61d4748d55403b72ca76921f843e1a3460843bdd8e8c325f6d54b560f147fb83

SHA512
a0fa0ceda5ebeef97fb1b71fe05a69532991b9ccd1bbc2d5294d6ada741e580e2e245efa07e465902b77f58920df79fb0fc6aa1df7d20bddd33d8baa131dc367

Download Submit
memory/216-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/316-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/384-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/404-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/432-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/432-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/432-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/440-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/556-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/660-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/972-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1140-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1176-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1188-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1216-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1224-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1264-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1268-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1288-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1368-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1448-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1464-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1524-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1532-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1556-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1960-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1996-243-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2260-501-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2452-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2468-478-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2508-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2540-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2588-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2640-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2728-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2764-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2780-77-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3008-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3068-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3068-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3104-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3144-502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3208-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3236-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3288-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3300-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3544-147-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3576-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3628-137-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3656-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3676-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3676-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3740-157-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3884-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3968-148-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3972-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3972-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3988-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4008-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4036-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4116-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4148-463-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4176-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4360-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4384-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4440-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4572-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4592-475-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4648-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4668-37-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4692-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4732-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4776-196-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4832-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4848-3218-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4848-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4856-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4944-289-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4952-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4956-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4972-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5008-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5032-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5040-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5084-214-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5088-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5204-552-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5228-553-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5236-554-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5280-551-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads