fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658

Analysis

max time kernel
120s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe
Size

468KB
MD5

68a35834b923a7ce5b736d5e422b51e0
SHA1

eaa2b0cae821da53301839feeb13049f8a3f4fea
SHA256

fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658
SHA512

e82ffc3d2520115ad850d2e2bae7addbf76c443ac5b55559fb06193f825d0b64e889481248ad9409962387d85858e9d26c04176c6255544fdf5f8800a71895b0
SSDEEP

3072:O1Nhogjdpy8Un+HsPz5FvficfhjWI8JnWHevVpb22u3OsYNdilv:O1fouLUnfP1FvfExfT22k7YNd

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4560	Unicorn-34336.exe
32	Unicorn-24388.exe
3340	Unicorn-45363.exe
1700	Unicorn-59520.exe
1408	Unicorn-57474.exe
2088	Unicorn-63604.exe
2888	Unicorn-43738.exe
3472	Unicorn-947.exe
1704	Unicorn-947.exe
4456	Unicorn-22114.exe
872	Unicorn-41980.exe
2268	Unicorn-54232.exe
5096	Unicorn-29655.exe
1932	Unicorn-52378.exe
1252	Unicorn-50406.exe
5056	Unicorn-24596.exe
468	Unicorn-58015.exe
1812	Unicorn-21066.exe
4640	Unicorn-40932.exe
1808	Unicorn-29426.exe
4060	Unicorn-49292.exe
1824	Unicorn-49292.exe
4852	Unicorn-36277.exe
4604	Unicorn-45208.exe
2188	Unicorn-25483.exe
3424	Unicorn-46915.exe
2804	Unicorn-23701.exe
4708	Unicorn-9987.exe
2956	Unicorn-50563.exe
4872	Unicorn-23562.exe
2412	Unicorn-60340.exe
748	Unicorn-7994.exe
3300	Unicorn-16760.exe
4548	Unicorn-61684.exe
1848	Unicorn-45348.exe
3832	Unicorn-37158.exe
4104	Unicorn-50894.exe
2420	Unicorn-57024.exe
808	Unicorn-59062.exe
5024	Unicorn-61108.exe
4628	Unicorn-61108.exe
1136	Unicorn-48856.exe
2028	Unicorn-32712.exe
2012	Unicorn-28628.exe
712	Unicorn-49795.exe
3668	Unicorn-16376.exe
3948	Unicorn-48286.exe
1104	Unicorn-10245.exe
404	Unicorn-16376.exe
2948	Unicorn-42918.exe
3016	Unicorn-21154.exe
2276	Unicorn-1554.exe
2260	Unicorn-61491.exe
4428	Unicorn-13806.exe
1124	Unicorn-999.exe
3904	Unicorn-50563.exe
4516	Unicorn-4891.exe
2736	Unicorn-61498.exe
5092	Unicorn-20141.exe
3164	Unicorn-38524.exe
4412	Unicorn-44646.exe
4764	Unicorn-1383.exe
2248	Unicorn-30718.exe
4928	Unicorn-14751.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
11024	6948	WerFault.exe	308
11212	5748	WerFault.exe	296
13660	3192	WerFault.exe	310
11488	5352	WerFault.exe	302
15516	6452	WerFault.exe	349
16860	7044	WerFault.exe	309

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47618.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	996	dwm.exe
Token: SeChangeNotifyPrivilege	996	dwm.exe
Token: 33	996	dwm.exe
Token: SeIncBasePriorityPrivilege	996	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe
4560	Unicorn-34336.exe
32	Unicorn-24388.exe
3340	Unicorn-45363.exe
1408	Unicorn-57474.exe
2088	Unicorn-63604.exe
1700	Unicorn-59520.exe
2888	Unicorn-43738.exe
1704	Unicorn-947.exe
872	Unicorn-41980.exe
3472	Unicorn-947.exe
2268	Unicorn-54232.exe
4456	Unicorn-22114.exe
5096	Unicorn-29655.exe
1932	Unicorn-52378.exe
1252	Unicorn-50406.exe
5056	Unicorn-24596.exe
468	Unicorn-58015.exe
4640	Unicorn-40932.exe
1812	Unicorn-21066.exe
4060	Unicorn-49292.exe
3424	Unicorn-46915.exe
1824	Unicorn-49292.exe
4604	Unicorn-45208.exe
1808	Unicorn-29426.exe
2188	Unicorn-25483.exe
4852	Unicorn-36277.exe
2804	Unicorn-23701.exe
2956	Unicorn-50563.exe
4708	Unicorn-9987.exe
4872	Unicorn-23562.exe
2412	Unicorn-60340.exe
748	Unicorn-7994.exe
3300	Unicorn-16760.exe
4548	Unicorn-61684.exe
1848	Unicorn-45348.exe
3832	Unicorn-37158.exe
2420	Unicorn-57024.exe
4104	Unicorn-50894.exe
2012	Unicorn-28628.exe
5024	Unicorn-61108.exe
808	Unicorn-59062.exe
4628	Unicorn-61108.exe
2028	Unicorn-32712.exe
3948	Unicorn-48286.exe
404	Unicorn-16376.exe
1136	Unicorn-48856.exe
1104	Unicorn-10245.exe
2948	Unicorn-42918.exe
712	Unicorn-49795.exe
3668	Unicorn-16376.exe
3016	Unicorn-21154.exe
2260	Unicorn-61491.exe
2276	Unicorn-1554.exe
4428	Unicorn-13806.exe
1124	Unicorn-999.exe
4516	Unicorn-4891.exe
2736	Unicorn-61498.exe
5092	Unicorn-20141.exe
3904	Unicorn-50563.exe
3164	Unicorn-38524.exe
4412	Unicorn-44646.exe
4928	Unicorn-14751.exe
4764	Unicorn-1383.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4304 wrote to memory of 4560	4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe	86
PID 4304 wrote to memory of 4560	4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe	86
PID 4304 wrote to memory of 4560	4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe	86
PID 4560 wrote to memory of 32	4560	Unicorn-34336.exe	88
PID 4560 wrote to memory of 32	4560	Unicorn-34336.exe	88
PID 4560 wrote to memory of 32	4560	Unicorn-34336.exe	88
PID 4304 wrote to memory of 3340	4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe	89
PID 4304 wrote to memory of 3340	4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe	89
PID 4304 wrote to memory of 3340	4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe	89
PID 3340 wrote to memory of 1700	3340	Unicorn-45363.exe	92
PID 3340 wrote to memory of 1700	3340	Unicorn-45363.exe	92
PID 3340 wrote to memory of 1700	3340	Unicorn-45363.exe	92
PID 4304 wrote to memory of 1408	4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe	94
PID 4304 wrote to memory of 1408	4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe	94
PID 4304 wrote to memory of 1408	4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe	94
PID 32 wrote to memory of 2088	32	Unicorn-24388.exe	93
PID 32 wrote to memory of 2088	32	Unicorn-24388.exe	93
PID 32 wrote to memory of 2088	32	Unicorn-24388.exe	93
PID 4560 wrote to memory of 2888	4560	Unicorn-34336.exe	95
PID 4560 wrote to memory of 2888	4560	Unicorn-34336.exe	95
PID 4560 wrote to memory of 2888	4560	Unicorn-34336.exe	95
PID 1700 wrote to memory of 1704	1700	Unicorn-59520.exe	97
PID 2088 wrote to memory of 3472	2088	Unicorn-63604.exe	96
PID 1700 wrote to memory of 1704	1700	Unicorn-59520.exe	97
PID 1700 wrote to memory of 1704	1700	Unicorn-59520.exe	97
PID 2088 wrote to memory of 3472	2088	Unicorn-63604.exe	96
PID 2088 wrote to memory of 3472	2088	Unicorn-63604.exe	96
PID 3340 wrote to memory of 4456	3340	Unicorn-45363.exe	99
PID 3340 wrote to memory of 4456	3340	Unicorn-45363.exe	99
PID 3340 wrote to memory of 4456	3340	Unicorn-45363.exe	99
PID 1408 wrote to memory of 872	1408	Unicorn-57474.exe	98
PID 1408 wrote to memory of 872	1408	Unicorn-57474.exe	98
PID 1408 wrote to memory of 872	1408	Unicorn-57474.exe	98
PID 2888 wrote to memory of 2268	2888	Unicorn-43738.exe	100
PID 2888 wrote to memory of 2268	2888	Unicorn-43738.exe	100
PID 2888 wrote to memory of 2268	2888	Unicorn-43738.exe	100
PID 4304 wrote to memory of 5096	4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe	101
PID 4304 wrote to memory of 5096	4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe	101
PID 4304 wrote to memory of 5096	4304	fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe	101
PID 4560 wrote to memory of 1932	4560	Unicorn-34336.exe	102
PID 4560 wrote to memory of 1932	4560	Unicorn-34336.exe	102
PID 4560 wrote to memory of 1932	4560	Unicorn-34336.exe	102
PID 32 wrote to memory of 1252	32	Unicorn-24388.exe	103
PID 32 wrote to memory of 1252	32	Unicorn-24388.exe	103
PID 32 wrote to memory of 1252	32	Unicorn-24388.exe	103
PID 1704 wrote to memory of 5056	1704	Unicorn-947.exe	104
PID 1704 wrote to memory of 5056	1704	Unicorn-947.exe	104
PID 1704 wrote to memory of 5056	1704	Unicorn-947.exe	104
PID 1700 wrote to memory of 468	1700	Unicorn-59520.exe	105
PID 1700 wrote to memory of 468	1700	Unicorn-59520.exe	105
PID 1700 wrote to memory of 468	1700	Unicorn-59520.exe	105
PID 1408 wrote to memory of 1812	1408	Unicorn-57474.exe	106
PID 1408 wrote to memory of 1812	1408	Unicorn-57474.exe	106
PID 1408 wrote to memory of 1812	1408	Unicorn-57474.exe	106
PID 872 wrote to memory of 4640	872	Unicorn-41980.exe	107
PID 872 wrote to memory of 4640	872	Unicorn-41980.exe	107
PID 872 wrote to memory of 4640	872	Unicorn-41980.exe	107
PID 2888 wrote to memory of 1808	2888	Unicorn-43738.exe	108
PID 2888 wrote to memory of 1808	2888	Unicorn-43738.exe	108
PID 2888 wrote to memory of 1808	2888	Unicorn-43738.exe	108
PID 2268 wrote to memory of 4060	2268	Unicorn-54232.exe	109
PID 5096 wrote to memory of 1824	5096	Unicorn-29655.exe	110
PID 2268 wrote to memory of 4060	2268	Unicorn-54232.exe	109
PID 2268 wrote to memory of 4060	2268	Unicorn-54232.exe	109

C:\Users\Admin\AppData\Local\Temp\fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe
"C:\Users\Admin\AppData\Local\Temp\fab7f6202bb2db0f84ca98c3567886f66bc918a276de0ec2f77bfba0476ca658N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:32
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        8⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        10⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        10⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        10⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        9⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        9⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        9⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        9⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61922.exe
        8⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
        8⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        8⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42795.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        7⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        7⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1554.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        9⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
        9⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
        9⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
        8⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
        8⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44191.exe
        7⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        7⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
        7⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12115.exe
        7⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        7⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        7⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
        6⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49089.exe
        6⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        9⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        9⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        9⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        9⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        8⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        8⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        8⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
        8⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        7⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        8⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        8⤵
        
        PID:16052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22759.exe
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        7⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        7⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
        7⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36302.exe
        6⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39204.exe
        7⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        8⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        8⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
        8⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63130.exe
        8⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
        8⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42078.exe
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        7⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50693.exe
        7⤵
        
        PID:17132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44750.exe
        6⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        7⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        7⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-226.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        7⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        7⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2102.exe
        6⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9308.exe
        6⤵
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        7⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        8⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        8⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        7⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        7⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        6⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
        6⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        6⤵
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        5⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        7⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        6⤵
        
        PID:14176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65346.exe
        6⤵
        
        PID:15840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        5⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-999.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50792.exe
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52572.exe
        9⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        9⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        9⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        8⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        8⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        8⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        7⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        8⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
        7⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
        7⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38902.exe
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        7⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        7⤵
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        6⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        6⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        7⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25672.exe
        7⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
        6⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
        7⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        7⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
        6⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        6⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56952.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
        6⤵
        
        PID:14196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
        6⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8525.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6658.exe
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        5⤵
        
        PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22100.exe
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        8⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        7⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
        6⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        7⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        6⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        6⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26265.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        5⤵
        
        PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
        5⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
        7⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
        7⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        6⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        6⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32270.exe
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-436.exe
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        5⤵
        
        PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4474.exe
        5⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        5⤵
        
        PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
        5⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41606.exe
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
        5⤵
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15052.exe
        5⤵
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19527.exe
      4⤵
      PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35726.exe
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
      4⤵
      PID:15468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43738.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
        8⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10491.exe
        9⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        9⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        9⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        8⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
        7⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe
        7⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        7⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 632
        8⤵
        Program crash
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        7⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        7⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
        7⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
        6⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
        6⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
        6⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15624.exe
        8⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        8⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        8⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        7⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
        7⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        7⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        6⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        6⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 716
        7⤵
        Program crash
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        6⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34385.exe
        6⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50667.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        6⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
        5⤵
        
        PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        6⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
        7⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        8⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        8⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
        8⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        8⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        7⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        7⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        7⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        7⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        7⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        6⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
        6⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        6⤵
        
        PID:13300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        6⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        5⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50054.exe
        5⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
        5⤵
        
        PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        6⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        6⤵
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45779.exe
        5⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        6⤵
        
        PID:15856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
        5⤵
        
        PID:11592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        5⤵
        
        PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
      4⤵
      PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        5⤵
        
        PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
      4⤵
      PID:8664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4115.exe
      4⤵
      PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
      4⤵
      PID:15600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
      4⤵
      PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
      4⤵
      PID:17344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23562.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        7⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        7⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
        6⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        6⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12115.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        6⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2530.exe
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        5⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10846.exe
        5⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        5⤵
        
        PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25032.exe
        5⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        7⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe
        6⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61206.exe
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48310.exe
        5⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8254.exe
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21465.exe
        5⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        5⤵
        
        PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
      4⤵
      PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28541.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        5⤵
        
        PID:16280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56714.exe
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
      4⤵
      PID:11584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
      4⤵
      PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
      4⤵
      PID:16276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
        5⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        7⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        7⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        7⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        6⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        6⤵
        
        PID:13152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36442.exe
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
        6⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        5⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        5⤵
        
        PID:12212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        5⤵
        
        PID:14516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
        5⤵
        
        PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
      4⤵
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        6⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        5⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        5⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        5⤵
        
        PID:15368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
      4⤵
      PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40182.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9196.exe
        5⤵
        
        PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
      4⤵
      PID:9656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
      4⤵
      PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
      4⤵
      PID:5888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24264.exe
      4⤵
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        6⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        6⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        6⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        5⤵
        
        PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        5⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26416.exe
        5⤵
        
        PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
      4⤵
      PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63066.exe
      4⤵
      PID:13100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
      4⤵
      PID:5860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
    3⤵
    PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
        5⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        5⤵
        
        PID:5968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
      4⤵
      PID:9588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
      4⤵
      PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
    3⤵
    PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19954.exe
      4⤵
      PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
      4⤵
      PID:5996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5065.exe
    3⤵
    PID:9888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
    3⤵
    PID:13832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
    3⤵
    PID:6384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1383.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
        8⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        9⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        9⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36930.exe
        8⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        8⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        8⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        8⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
        8⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        8⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38327.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
        8⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1332.exe
        7⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
        6⤵
        Executes dropped EXE
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
        8⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        8⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        7⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15326.exe
        8⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        7⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        7⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        7⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        7⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        7⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        7⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        6⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25836.exe
        6⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
        7⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
        8⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        9⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        9⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37854.exe
        8⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        8⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        8⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
        7⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        8⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
        7⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        7⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
        7⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        7⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        6⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51939.exe
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        6⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12705.exe
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
        7⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
        7⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        6⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63066.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        6⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54123.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41038.exe
        6⤵
        
        PID:16160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        5⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19167.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58015.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        8⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57367.exe
        8⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        8⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        8⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        8⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        7⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        7⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        7⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 692
        8⤵
        Program crash
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        7⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
        7⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        7⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        6⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        6⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
        5⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        7⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18534.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        6⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        6⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17952.exe
        7⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        6⤵
        
        PID:15408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        6⤵
        
        PID:14796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21798.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        5⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9308.exe
        5⤵
        
        PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        5⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5294.exe
        8⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59479.exe
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
        7⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        7⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
        6⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        6⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        6⤵
        
        PID:15116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        6⤵
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        6⤵
        
        PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        5⤵
        
        PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        5⤵
        
        PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        5⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        5⤵
        
        PID:16380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
      4⤵
      PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
      4⤵
      PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
      4⤵
      PID:5856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22114.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20141.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49618.exe
        6⤵
        
        PID:13800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        5⤵
        
        PID:13288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11298.exe
        6⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
        6⤵
        
        PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        5⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
        5⤵
        
        PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
      4⤵
      PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2322.exe
      4⤵
      PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
      4⤵
      PID:15048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
      4⤵
      PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        5⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23926.exe
        7⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        7⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63902.exe
        6⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        6⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58798.exe
        5⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        5⤵
        
        PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30899.exe
        5⤵
        
        PID:14556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        5⤵
        
        PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
      4⤵
      PID:12944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
      4⤵
      PID:15812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9308.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21154.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
      4⤵
      PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        6⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62027.exe
        5⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        5⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
        5⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12494.exe
        5⤵
        
        PID:11604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21937.exe
      4⤵
      PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
      4⤵
      PID:13240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
      4⤵
      PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-917.exe
    3⤵
    PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
      4⤵
      PID:7044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 600
        5⤵
        Program crash
        
        PID:16860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30899.exe
      4⤵
      PID:14576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
      4⤵
      PID:1096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62415.exe
    3⤵
    PID:6564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
    3⤵
    PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
    3⤵
    PID:16264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
        6⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        8⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        8⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        8⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45971.exe
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        8⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        8⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        7⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56287.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        7⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
        7⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2738.exe
        6⤵
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        6⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        6⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
        5⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
        7⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        7⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        6⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        6⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35602.exe
        6⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        6⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46407.exe
        5⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        5⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6298.exe
        5⤵
        
        PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37158.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        5⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        6⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        7⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42950.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        6⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55711.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        6⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        7⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        7⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
        6⤵
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        6⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2530.exe
        5⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        5⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        5⤵
        
        PID:6452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 648
        6⤵
        Program crash
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        5⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        5⤵
        
        PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
      4⤵
      PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22179.exe
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
      4⤵
      PID:6376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
        7⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        7⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        6⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        6⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24766.exe
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
        6⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        5⤵
        
        PID:13808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        5⤵
        
        PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        5⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe
      4⤵
      PID:11132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9308.exe
      4⤵
      PID:680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        6⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        7⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        7⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
        6⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        5⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
        5⤵
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26530.exe
        5⤵
        
        PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
      4⤵
      PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
      4⤵
      PID:13744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43082.exe
      4⤵
      PID:15392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32531.exe
      4⤵
      PID:16004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
      4⤵
      PID:6948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 608
        5⤵
        Program crash
        
        PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
      4⤵
      PID:11356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
      4⤵
      PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
      4⤵
      PID:5084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10491.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
      4⤵
      PID:13404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
      4⤵
      PID:16236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
    3⤵
    PID:10396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6853.exe
    3⤵
    PID:15136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
    3⤵
    PID:16216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37492.exe
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
        7⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        7⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34782.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        6⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8187.exe
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12442.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        6⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
        5⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18725.exe
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        5⤵
        
        PID:15732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        5⤵
        
        PID:11184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        5⤵
        
        PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
      4⤵
      PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14871.exe
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        5⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
        5⤵
        
        PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2738.exe
      4⤵
      PID:11928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
      4⤵
      PID:13852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
      4⤵
      PID:5416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        6⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        5⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        5⤵
        
        PID:15672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        5⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
        5⤵
        
        PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
      4⤵
      PID:11172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
      4⤵
      PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
      4⤵
      PID:15764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
    3⤵
    PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64774.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51190.exe
        5⤵
        
        PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
      4⤵
      PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
      4⤵
      PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
      4⤵
      PID:5892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28327.exe
    3⤵
    PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11937.exe
      4⤵
      PID:4948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60274.exe
    3⤵
    PID:9696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
    3⤵
    PID:12260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24264.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
        6⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15326.exe
        7⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe
        6⤵
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        5⤵
        
        PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        5⤵
        
        PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
      4⤵
      PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
      4⤵
      PID:12624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exe
      4⤵
      PID:15612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe
    3⤵
    PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
      4⤵
      PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
      4⤵
      PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
      4⤵
      PID:14644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
      4⤵
      PID:5900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
    3⤵
    PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
      4⤵
      PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32933.exe
      4⤵
      PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63502.exe
    3⤵
    PID:11688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
    3⤵
    PID:15384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61491.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61491.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
    3⤵
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
      4⤵
      PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        5⤵
        
        PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
      4⤵
      PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
      4⤵
      PID:5932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
    3⤵
    PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
      4⤵
      PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
      4⤵
      PID:4636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
    3⤵
    PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
    3⤵
    PID:13424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
    3⤵
    PID:16300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
  2⤵
  PID:5328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
    3⤵
    PID:3680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
    3⤵
    PID:10416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57978.exe
    3⤵
    PID:11884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
    3⤵
    PID:1072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21001.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21001.exe
  2⤵
  PID:7112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
    3⤵
    PID:9652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
    3⤵
    PID:14732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
    3⤵
    PID:2712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
  2⤵
  PID:10352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
  2⤵
  PID:12044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
  2⤵
  PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6948 -ip 6948
1⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5748 -ip 5748
1⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3192 -ip 3192
1⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5352 -ip 5352
1⤵
PID:13784

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7044 -ip 7044
1⤵
PID:16608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe

Filesize
468KB

MD5
498769b5664b559a63d7a6ab3000f166

SHA1
92c180f8438aee2da066f2d608d4795b4a9cbf7f

SHA256
218a633a9b4d9073ea82176bd72555900a8fa3a86c26dc344683c5eee2e8689c

SHA512
fe8f41a354926c10e3c73f9f2eceee195051b62e1b8b9e7feec6adce5413c0e8e7d549dc9b6d555c3687c2c5b72598f34d321a8e6957873cc34d461df7586dd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe

Filesize
468KB

MD5
a4fa734cbef7cbcea55b0ea47b15130f

SHA1
72d5e0f9a2b9656364a9c1d828db63e5ae44181d

SHA256
b40a30a1e2c58a17e27cc26af6dcc447f5628ecb54cf31b80574fb3cc9b12d82

SHA512
5699b17d949f6f7607a6b478883d6060dfbc5785d7c5fe0ffc7f321e4d44e5acff8b00a3ef54fbe283e13b955027bede6110eefb26fd8257ee4fdd973954ee35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22114.exe

Filesize
468KB

MD5
b7e93e34a90261435a0cdacd791388d1

SHA1
cb7bef67730499bf65de503b6f84980c1187dc83

SHA256
30a7f73ef11bf92d6aa02a577e6af130d93d8a0600b7721e878d898653d540ba

SHA512
62a37d25b8508f8043c84f884b3aa0e2cb481f81fc4c4e98cccd3b0fc0dcb8ab6ccb076e9e6614d233699d954ad2ddf6f037786d2dd60041def7e79c2b62cb32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23562.exe

Filesize
468KB

MD5
52879f485f0657731dfde5f11e0b0b2b

SHA1
83b8a8278710d27375a52c922160373307070ad5

SHA256
ba16c6735d06a94ed56eef9ce87c77b1b3d4d15b97c8c609d9a3593670f33ab5

SHA512
31eba6a68ac54cbe130b36d51abb8c5cc18fab67e61f707749d106d3a26032e663adb8ce5f739a4433b67c37681ae39469f2114a5f9c04a506735be6e6ce418c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe

Filesize
468KB

MD5
3bb90d64f12d6cda4c6339f6d5ab94aa

SHA1
5957f18c7b3c7ee272b65ae1f9fc739df0c4c36c

SHA256
6820f08c6afe0d50a2b86751633dc841ce20ff186027d2e5c17644e799cfb72e

SHA512
dc48f6359763b62b74f805e918f8d4ec9786d4342d5a60d94ba292b7d8fc68cc6b4d37459e837559b01ca100653fd0587e8e016234d78e285d0338b0543671e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe

Filesize
468KB

MD5
e5e7889e019279bc06750d89ab6b75b5

SHA1
e35c44acd708f89d372202291e3e7787d40bb7f2

SHA256
159d7821f02e2b40c9748a4ce38b60e30aec8211c57f0a0360f7cb8875c21c69

SHA512
64e932b6b0692580051670ccfc7febd58b4f425c2855836594f1c475da2dd56e8fab47066365c4f924eea0c4b4d53ef2bd977c339f04a07cee247c7b250563a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe

Filesize
468KB

MD5
385b574df68822b332939a6a8aa3ff32

SHA1
6fdb110a867b92bbb726e9824a1de83c4f84acf3

SHA256
280f58f46cf38cf7f3745273d4cab6205aa0149871d7b6da648e80c5c1e6421a

SHA512
48616f6419e321122df1dab01b76804a11952c9ee36896de305a68837fbd838ec3d6bd18a67f40acb213ba9d978aa84b5cebadf3cdb3c233ee158851c9fab636

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe

Filesize
468KB

MD5
4e34a44e8e85d2c0179fdddf7063e4ed

SHA1
2bec5486678210aecccb40b96be251ee2aa38195

SHA256
40a6add78d9f8aa8e1a992844ab6ed6936cc3c7227463a40aeea947f7e85e46b

SHA512
b5ae63affb36c9002708200298ca9c5bef51a173eb569a32b6c6ffd87dd188b7e24b52b6f7fc19a1cb93dd13590772f95d8dbe02b6412b85afe6386e5639396c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe

Filesize
468KB

MD5
b3410e95960bb202bb8d76cc490c6a66

SHA1
6c0e737664b92645a5cebec686fb2852c50ea518

SHA256
5d05b84a607df5c183e238b4b3a17c22b4e79fd0d064fc513e721172143e5835

SHA512
5e8043ee3aa9215bc9372ba84400febfdd996288fa2d2bd61fcf511aee0ea273e02e353de1036c2836167831273f1ca9888ac97e1e75f5b6fc3a6fc733571a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe

Filesize
468KB

MD5
3eb5a3eab1b2436d83335885142fe459

SHA1
abfdf1b4f6275c7c53a1d625c4a89601f7529787

SHA256
5bda57a6521c821bffbcc999917756739a0c45a491c05923faa5763453059f0e

SHA512
9a151aabf1e41c3e26d44320a0e00c6adfb099d56c305ea0fc98b474e252106b03d5919cf57c6ec42cf6ebc7e63fafb841ba84bdb92fb6d26e58a8d039bec99d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe

Filesize
468KB

MD5
8c46613bfce0087111dd3abddb1aa35c

SHA1
5f90d3f6946c406b6a51d721883426005b13c934

SHA256
86173e49bd2dfe84454dad0e03a2aa7a8471017de0d1842f7b0dbad501a8a663

SHA512
e45d97da712f08c0d424ffda9ff770c665f641ff301fa61ba698a19486cb3fa21a2cd2ef931ce255f2dba8f2a772587ce2b9b4a25cb1cc8a311bc3ad416d1d7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe

Filesize
468KB

MD5
f870da6da6558ed30043eb30cfa75389

SHA1
bfea22949c90d8f7fd00e1f330f3199c9addffb8

SHA256
061a46e0ac0af92d02bbef29b8c3fee556509a3405bc66fdc3c6b9c5ae89006c

SHA512
2563d247229f6b9d34351a8a9eb32a36b2df06d3e1a308801f19deafa71863abecafc7cfdf1d8a0991d9f48524fb0d5c4dc4f25161f3fcf038536f16cc51d352

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe

Filesize
468KB

MD5
8c5e11999283685e9c96f1e00d592083

SHA1
1ffd39ea452e9a02e32d44634f763be8f611487d

SHA256
90fb53453edc3c2a0ef7aaab088549bc9c022e143d342069338dddd5df08c013

SHA512
4b7335cdba8592586fcf4b56bceef5375762b0aa9d3424fc2604dd0ce30f78be32a9a53dfa07b2752903ef88746e466e86db6704fe438ba5d2b28e678ae843fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe

Filesize
468KB

MD5
25683205e215f48941c1e9a8ada52528

SHA1
8cedfbee98df73eb58272e051719b62f963c3f9d

SHA256
79efa93682a1932719b564e9aad24604c59e1978068fdaed58b228b31ad52c32

SHA512
86632822baa8600eef39c59f971628d61a0f0b49c0fb9e11ac6ac25da2e293e1f3b3ff547e66b8646e47ad827b08526b95fbd590072f72ac7321c367e6e719e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe

Filesize
468KB

MD5
250058d6f1d57bdc286479a4865ba335

SHA1
da6be19e38550f7c5a380d3752f0ae1e6cf7a5db

SHA256
be63caef64b9017879dc8bbd1f1ded739d3b35088b30d5059cf4319b40ac0535

SHA512
2ef214f21195eb6269a68a231631107f50f35bfb1b48bb0b03219ada68611fb048a74cf5fb6ab1b2e42aac318b0f01a3782a4323a7b3de14cd9d5ca2565c9b59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43738.exe

Filesize
468KB

MD5
853a3d3135bc8de91f832787c2268fb3

SHA1
74403b3cbab42bbcdef144997ecbd4e9d16613cc

SHA256
52a3f80b006b1a995c67161ac4ad3db6436c7317af107394837e1c90c0e23110

SHA512
a750c3a30926e7d8b7ebdb4e4f04b1d159402ded3b2401f6140a281ca5743797dc1328d302050079b27a18fae980fc2b28ff990259575f60ec47665259383c81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe

Filesize
468KB

MD5
bc363cb97ff26607891eee8ec874a86c

SHA1
5b90cc55386c99b12f25f9b29c914e4b409c4d8e

SHA256
c63409d91327a7b49af1bb0fa721bae0ac3ae3cf3fabdb792f55fa9b855df3c8

SHA512
b547151de974dbad2e44dec9a1fdb33b472407171ea9293becd293260b1fb59435fe5a317bdd46e8933bc91d9a33cd646d6099e1121f772129bba5a3bfc376dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe

Filesize
468KB

MD5
0765ae07c91d1dc746b6d096318fc66f

SHA1
89191418e8c11cdc404b7d59e98dece2068e0d37

SHA256
cd53f1860c35e024a2ef6cde03786bec0f9e5bd2b1b1a595a4f65720debb09eb

SHA512
5ed4f777e4ec654412683a25985cc97ff16e386554b3bfbeb76e26f2eee4f77161d6290e4e483dc91a5200f67737b8c656ab94560d093a5a58ffb7dde5a3e936

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe

Filesize
468KB

MD5
5d5fd757074154df78e33d1ffb7616f3

SHA1
78bd22275276e896545124fb662f5f0c55396139

SHA256
0259feaafc37fadfc3da9d5da6f70182f5ac891e22cb520735727a7cc9bef081

SHA512
c52398ab329b566c4637414741ca79d3ce5b1387b7796f96db7ff9002b703908444dcae2e271ddebaa3f605685dc8b34255ed5eb740d72733f36285151f665cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe

Filesize
468KB

MD5
ae632cf6691fbe4829330d6c9175cdce

SHA1
59df8184be168acaf63550e05e234f4425ce662a

SHA256
369b2542e39001e0ab96c80b2bce8d14cff2eec1f041db9bb517cc8b43aec8c8

SHA512
bf362d962ee1487fc682bc447257cecc6f370fd84ccf211c6f8ceb7dd9ec1df4f4cfca0506bd328c279905a99b860661a33836effd538960fe5039392fe1248c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe

Filesize
468KB

MD5
709b5fd60f04f5f28e616d3501d6e091

SHA1
34623581cd80e9387f3bf27ec64358aaefcc4177

SHA256
2fa7894217ea62038e5e8eb33a17dd20d1ac50de95baaada93fb64a0ea7cecf2

SHA512
ecf5ba86efcb60263921ad2e50604cc29b3ee1c693c01351dba2d2fed7236c5488c29a9cd0d8f782ca05da42c2ab47ab4d87671ab7218bc1a1d1866bd43b6f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe

Filesize
468KB

MD5
4b83421602ae5ff326dcb74f643a8997

SHA1
97fce9f983932201da821e84473564f69680c669

SHA256
42e265e1416a48089ad82f76c835a4b69a4147f2bca4c34590fbb0ebc18b766f

SHA512
c4b7581c4ef827d7d3cd7e70856dfbcac2b667d588cd46ea7c634096177c08d09a0949497ea2b2315c783f6f19eb40bd37d1f5be809c06a39815eeca207fa8ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe

Filesize
468KB

MD5
7af8de7e827c22040a7b4afe2991c34c

SHA1
4c5f087424dc5a27ede2a9390614ee6d5db0f790

SHA256
3981287a399b7cd72031f228620e01942e583ec01a32a017afeba3c3f814a7ef

SHA512
43fe72bae9dc4214685b991784648341670f528478bb569aea10f741937126d06225d07680a6cbd2834b95523330331ea29d4ba3e5199c38f81a5e561f4ce321

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe

Filesize
468KB

MD5
2a0bc4ed8917dfcf4a40dbcf89ef9298

SHA1
d6964cfb4d183c8200c94dc4bde75901560dc37f

SHA256
8452d1de6635a7727b2bb2168c5e4ef33be6833257a1053bd28d4e1fc012bf75

SHA512
5b7903a3d4676ee61f65106ca0173814255a3cf39efc05d6d3671eed269da63c6c4a92622e5657855eba36c85f6f73a870e35b796c5e7b3f0adbaa8386691c4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe

Filesize
468KB

MD5
c174f0661ac0d898aee7f188eb6c3799

SHA1
1da098b81fe9219673974de57fc3c0c82eea61e7

SHA256
3c8d3765feb0d9b8e85aa772b3310dd83acb556c4d149b9d886d365f43c4ec7e

SHA512
f646680e6fbd3223f584ee0225726f1a49a53e4c37b60a250f561d824a2e6105cd6124be6e6bdf33814244951cce547cbdc27b01bdacce2dbd88b727ca4d4eed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58015.exe

Filesize
468KB

MD5
6cb064fa542394a8d114fedeea90201c

SHA1
17cd7fae0a47e6a387c4fdf44c2733722d5b43a8

SHA256
8612c3fe23e8952316752e709fde1add5662a6cf806ecb6ede28f16d1c7b5290

SHA512
e051336347f0915d1ae8e295693c882d03f6601fde8e39d21a64eb2ce14bda5eb7f381bc8736bec0338dc566fbd96141d99e11f3a5c23249962a09359829e9f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe

Filesize
468KB

MD5
29099e97e58406e690c1c6ee71fdc8c3

SHA1
f4c554b1dd8e794e31a65c02dd49016c42c1919c

SHA256
c9c013d1cb6b408dabe99ba8ac51e60fa8f819a00a0d3e576e132f56c88097b5

SHA512
a76eeceb57248c7e31359dd8248cac24ea9eed7b24e04538437bf8233bc3e610e91f69a8240485fe13e8fbbd37f3352ad879ad335ad9f624c13c7f8b7456bbfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe

Filesize
468KB

MD5
5967744e858ece06c190a8302b78791d

SHA1
8f4c2b2e08fa704abeb860d5e3bdb408b01a4fae

SHA256
804c8776bff4cce7946f687e3918f7ceeed8802e890b0e90d0979213155f29e4

SHA512
c43e80548720eb5712638e865ba78677ac007c37e9b9588e847ab6db102e48291c1a25e85a9f95fccf167ee79efb0f0060c6381e91e9f00d7799c22dd1d0f8e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe

Filesize
468KB

MD5
982b3ed8c1553c2ec8fc7ea35d689b2c

SHA1
bd2a3ce884de0c0d8027c84fb7cdf82971d4ade0

SHA256
a59ae63051c8bc01e821acc103720e7199d8c164fde220eb95dde546510b2ceb

SHA512
6d0d908122a28d0cc992131f8c72a96d91d5e0ac90b4672493fd7da064b3c8b5b18550a09990fc5d9b7a8191b6d8dd514a12c2736edd64d65c6e2170cf6e12f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe

Filesize
468KB

MD5
9adc7b5375e475bfe65d8465345e538b

SHA1
93055e8c15c4f1e4d695fff9cbcb0ca2e9b4acb4

SHA256
454e04759b60a0ab441f556564f38e7d58ceddf9c57c80d0a5abf4093c23ebc6

SHA512
0eb1a6abe10241df66e48324524168b845eb85bec38f5f1b18604c0eab143ee427ab334e6db9b2b5143b7c6328f128736515d63009b4d79313e5ec306f27912e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe

Filesize
468KB

MD5
062ca04fcd83acc9bb732cb52ecec621

SHA1
a3b21f2de0aef2bd7fcca8d9f2af0161d8e605d3

SHA256
b402090a1d56860d327c122c2b22d2832b320a737425afdedcf1e4aa736953f3

SHA512
b5db87d41a3e62225ea3c4ec5bf8081ed6675aa67c664fe3fa46dc31cc72939ce9a4e72d62e0ba925a5588f66eec2e7b61426b4dd72bded2dfb211ac7619e252

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe

Filesize
468KB

MD5
38a1de3123d911c6f79026cdc63d1a71

SHA1
361912ef427e1f7bf3bdb782a8fbe05619200b5e

SHA256
7d49b7f35b51bb5063ef3d567a4e45d8e3720364e1d92723a2af11739076f4fc

SHA512
4caa0c6dec8ef8ba057ba7f47421c20189ea7d9e0360028bfe834b3a56d2d05637e46eb4eb9c315d527a3836ba9f1343c2ae66234ae6c2bd3c9bb67313da516d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe

Filesize
468KB

MD5
5fa7a1c0a7b8aa07ca19e5316d959e1d

SHA1
f7c6e1444cc9f6f56fd9c68068a4a470602d94af

SHA256
4338d3a6539a860941996320f27a33d5fb71afa2592155a5cad690e5030d2781

SHA512
82a79f894c67e20da1b21aede679480e0f9f59093b14a3203561966a72b69716be1049cbaeb09edb202224e95d327ca3db529dc79bbbac6190f2cd4361c4edb1

Download Submit
memory/32-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/404-296-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/448-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/468-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/628-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/712-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/748-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/808-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/872-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/920-487-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1104-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1124-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1136-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1252-105-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1408-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1524-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1616-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1700-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1704-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1756-566-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1764-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1808-152-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1808-2764-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1812-129-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1848-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1932-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2028-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2088-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2132-471-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2188-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2260-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2268-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2276-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2412-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2420-268-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2536-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2736-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2888-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2948-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2956-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2984-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3016-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3036-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3136-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3164-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3172-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3300-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3340-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3368-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3424-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3472-59-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3620-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3728-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3832-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3852-485-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3904-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3948-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4060-158-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4104-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4180-567-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4304-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4372-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4412-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4424-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4428-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4456-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4516-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4548-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4560-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4604-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4640-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4644-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4708-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4716-472-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4764-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4852-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4872-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4884-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4928-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5020-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5024-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5056-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5092-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5096-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5160-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-568-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5344-569-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5376-570-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5388-576-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5400-577-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5424-578-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5448-579-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5484-580-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5492-593-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5500-594-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15600-2593-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15684-2592-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads