831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82a

Analysis

max time kernel
119s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe
Size

468KB
MD5

70aa3c1cd78863da675f3a4811011310
SHA1

ac35cc5557e3f6cac9f6e0ed64a13194be272ebc
SHA256

831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82a
SHA512

e0ff1085c01d147f877c4cfc2d98a94e80a20780179fc33047d1e267a5c6dc9abe01a60626bcd144e5990fbd20cb9ea070e0b0edf4c898908b8348867f2a9433
SSDEEP

3072:auChogfxRg8U2bYZPz3cqf8/EC3jyIgZswfI+V8gUkS+2vzct5Mw:au8oCNU2aPDcqfRVQoUk1ozct

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1464	Unicorn-47588.exe
64	Unicorn-64700.exe
4380	Unicorn-28690.exe
2228	Unicorn-42796.exe
3512	Unicorn-59132.exe
3316	Unicorn-45026.exe
3004	Unicorn-31290.exe
5028	Unicorn-50684.exe
5000	Unicorn-63875.exe
536	Unicorn-42900.exe
4224	Unicorn-3905.exe
2456	Unicorn-10035.exe
632	Unicorn-39370.exe
4396	Unicorn-59236.exe
412	Unicorn-42827.exe
1800	Unicorn-45234.exe
3460	Unicorn-59724.exe
3104	Unicorn-40050.exe
1340	Unicorn-3699.exe
5112	Unicorn-16890.exe
3800	Unicorn-36756.exe
2388	Unicorn-36756.exe
1156	Unicorn-20420.exe
4344	Unicorn-12251.exe
3808	Unicorn-3891.exe
4300	Unicorn-44659.exe
5008	Unicorn-35993.exe
1576	Unicorn-25058.exe
5108	Unicorn-22649.exe
3560	Unicorn-8914.exe
2480	Unicorn-47996.exe
2060	Unicorn-31587.exe
3056	Unicorn-54156.exe
3756	Unicorn-59179.exe
2108	Unicorn-5339.exe
4852	Unicorn-56386.exe
4060	Unicorn-12931.exe
1076	Unicorn-2578.exe
3200	Unicorn-65396.exe
4488	Unicorn-65396.exe
540	Unicorn-57420.exe
1032	Unicorn-49252.exe
2524	Unicorn-49252.exe
1436	Unicorn-43122.exe
4808	Unicorn-43122.exe
2040	Unicorn-8603.exe
2220	Unicorn-41276.exe
4460	Unicorn-3730.exe
4856	Unicorn-3730.exe
1452	Unicorn-7259.exe
3472	Unicorn-44571.exe
4284	Unicorn-38970.exe
4092	Unicorn-7451.exe
2868	Unicorn-64628.exe
3044	Unicorn-31193.exe
3108	Unicorn-40124.exe
3664	Unicorn-39859.exe
2012	Unicorn-4114.exe
1132	Unicorn-1513.exe
3448	Unicorn-44955.exe
4388	Unicorn-34644.exe
4032	Unicorn-34644.exe
2916	Unicorn-50980.exe
2532	Unicorn-62827.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
6440	5616	WerFault.exe	195
16308	13996	WerFault.exe	725
16372	14076	WerFault.exe	729
16364	13996	WerFault.exe	725
15456	15268	WerFault.exe	716
14304	13980	WerFault.exe	740
15468	3120	WerFault.exe	742

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49209.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16272	dwm.exe
Token: SeChangeNotifyPrivilege	16272	dwm.exe
Token: 33	16272	dwm.exe
Token: SeIncBasePriorityPrivilege	16272	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe
1464	Unicorn-47588.exe
64	Unicorn-64700.exe
4380	Unicorn-28690.exe
2228	Unicorn-42796.exe
3512	Unicorn-59132.exe
3316	Unicorn-45026.exe
3004	Unicorn-31290.exe
5028	Unicorn-50684.exe
4224	Unicorn-3905.exe
536	Unicorn-42900.exe
412	Unicorn-42827.exe
632	Unicorn-39370.exe
2456	Unicorn-10035.exe
4396	Unicorn-59236.exe
1800	Unicorn-45234.exe
3460	Unicorn-59724.exe
3104	Unicorn-40050.exe
1340	Unicorn-3699.exe
5112	Unicorn-16890.exe
3800	Unicorn-36756.exe
2388	Unicorn-36756.exe
4344	Unicorn-12251.exe
4300	Unicorn-44659.exe
3560	Unicorn-8914.exe
5108	Unicorn-22649.exe
1576	Unicorn-25058.exe
5008	Unicorn-35993.exe
3808	Unicorn-3891.exe
1156	Unicorn-20420.exe
2480	Unicorn-47996.exe
2060	Unicorn-31587.exe
3056	Unicorn-54156.exe
4852	Unicorn-56386.exe
2108	Unicorn-5339.exe
3756	Unicorn-59179.exe
4060	Unicorn-12931.exe
1076	Unicorn-2578.exe
4488	Unicorn-65396.exe
3200	Unicorn-65396.exe
540	Unicorn-57420.exe
2040	Unicorn-8603.exe
1032	Unicorn-49252.exe
1436	Unicorn-43122.exe
2524	Unicorn-49252.exe
4808	Unicorn-43122.exe
2220	Unicorn-41276.exe
3472	Unicorn-44571.exe
4460	Unicorn-3730.exe
3664	Unicorn-39859.exe
4856	Unicorn-3730.exe
1452	Unicorn-7259.exe
4092	Unicorn-7451.exe
2868	Unicorn-64628.exe
4284	Unicorn-38970.exe
3108	Unicorn-40124.exe
3044	Unicorn-31193.exe
3448	Unicorn-44955.exe
2012	Unicorn-4114.exe
4032	Unicorn-34644.exe
2916	Unicorn-50980.exe
1132	Unicorn-1513.exe
4900	Unicorn-554.exe
2832	Unicorn-57.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 1464	3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe	82
PID 3620 wrote to memory of 1464	3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe	82
PID 3620 wrote to memory of 1464	3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe	82
PID 1464 wrote to memory of 64	1464	Unicorn-47588.exe	85
PID 1464 wrote to memory of 64	1464	Unicorn-47588.exe	85
PID 1464 wrote to memory of 64	1464	Unicorn-47588.exe	85
PID 3620 wrote to memory of 4380	3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe	86
PID 3620 wrote to memory of 4380	3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe	86
PID 3620 wrote to memory of 4380	3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe	86
PID 64 wrote to memory of 2228	64	Unicorn-64700.exe	90
PID 64 wrote to memory of 2228	64	Unicorn-64700.exe	90
PID 64 wrote to memory of 2228	64	Unicorn-64700.exe	90
PID 3620 wrote to memory of 3316	3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe	91
PID 3620 wrote to memory of 3316	3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe	91
PID 3620 wrote to memory of 3316	3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe	91
PID 4380 wrote to memory of 3512	4380	Unicorn-28690.exe	92
PID 4380 wrote to memory of 3512	4380	Unicorn-28690.exe	92
PID 4380 wrote to memory of 3512	4380	Unicorn-28690.exe	92
PID 1464 wrote to memory of 3004	1464	Unicorn-47588.exe	93
PID 1464 wrote to memory of 3004	1464	Unicorn-47588.exe	93
PID 1464 wrote to memory of 3004	1464	Unicorn-47588.exe	93
PID 2228 wrote to memory of 5028	2228	Unicorn-42796.exe	96
PID 2228 wrote to memory of 5028	2228	Unicorn-42796.exe	96
PID 2228 wrote to memory of 5028	2228	Unicorn-42796.exe	96
PID 64 wrote to memory of 5000	64	Unicorn-64700.exe	97
PID 64 wrote to memory of 5000	64	Unicorn-64700.exe	97
PID 64 wrote to memory of 5000	64	Unicorn-64700.exe	97
PID 3004 wrote to memory of 536	3004	Unicorn-31290.exe	98
PID 3004 wrote to memory of 536	3004	Unicorn-31290.exe	98
PID 3004 wrote to memory of 536	3004	Unicorn-31290.exe	98
PID 1464 wrote to memory of 4224	1464	Unicorn-47588.exe	99
PID 1464 wrote to memory of 4224	1464	Unicorn-47588.exe	99
PID 1464 wrote to memory of 4224	1464	Unicorn-47588.exe	99
PID 3512 wrote to memory of 2456	3512	Unicorn-59132.exe	100
PID 3512 wrote to memory of 2456	3512	Unicorn-59132.exe	100
PID 3512 wrote to memory of 2456	3512	Unicorn-59132.exe	100
PID 4380 wrote to memory of 632	4380	Unicorn-28690.exe	101
PID 4380 wrote to memory of 632	4380	Unicorn-28690.exe	101
PID 4380 wrote to memory of 632	4380	Unicorn-28690.exe	101
PID 3316 wrote to memory of 4396	3316	Unicorn-45026.exe	102
PID 3316 wrote to memory of 4396	3316	Unicorn-45026.exe	102
PID 3316 wrote to memory of 4396	3316	Unicorn-45026.exe	102
PID 3620 wrote to memory of 412	3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe	103
PID 3620 wrote to memory of 412	3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe	103
PID 3620 wrote to memory of 412	3620	831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe	103
PID 64 wrote to memory of 1800	64	Unicorn-64700.exe	104
PID 64 wrote to memory of 1800	64	Unicorn-64700.exe	104
PID 64 wrote to memory of 1800	64	Unicorn-64700.exe	104
PID 5028 wrote to memory of 3460	5028	Unicorn-50684.exe	105
PID 5028 wrote to memory of 3460	5028	Unicorn-50684.exe	105
PID 5028 wrote to memory of 3460	5028	Unicorn-50684.exe	105
PID 2228 wrote to memory of 3104	2228	Unicorn-42796.exe	106
PID 2228 wrote to memory of 3104	2228	Unicorn-42796.exe	106
PID 2228 wrote to memory of 3104	2228	Unicorn-42796.exe	106
PID 536 wrote to memory of 1340	536	Unicorn-42900.exe	107
PID 536 wrote to memory of 1340	536	Unicorn-42900.exe	107
PID 536 wrote to memory of 1340	536	Unicorn-42900.exe	107
PID 3004 wrote to memory of 5112	3004	Unicorn-31290.exe	108
PID 3004 wrote to memory of 5112	3004	Unicorn-31290.exe	108
PID 3004 wrote to memory of 5112	3004	Unicorn-31290.exe	108
PID 4224 wrote to memory of 2388	4224	Unicorn-3905.exe	110
PID 4224 wrote to memory of 2388	4224	Unicorn-3905.exe	110
PID 4224 wrote to memory of 2388	4224	Unicorn-3905.exe	110
PID 412 wrote to memory of 3800	412	Unicorn-42827.exe	109

C:\Users\Admin\AppData\Local\Temp\831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe
"C:\Users\Admin\AppData\Local\Temp\831012cfa26e463800014d5fc88026335ce7cdb0cc15d479ecec26c14586f82aN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:64
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50980.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31809.exe
        10⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        10⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        10⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        10⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        9⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
        9⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        9⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52949.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        8⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe
        9⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48743.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        8⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        8⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
        7⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        9⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        9⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        9⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        8⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        8⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        8⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        7⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        8⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        7⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33816.exe
        7⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        8⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        9⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        9⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        9⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41951.exe
        9⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        8⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        8⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        7⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        8⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        8⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        8⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14598.exe
        7⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        7⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        6⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        8⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        8⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61422.exe
        8⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        7⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        7⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
        7⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        7⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        7⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        7⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34636.exe
        6⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21041.exe
        9⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        9⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        9⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        8⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
        8⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        8⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
        8⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        8⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        8⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        7⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7238.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
        6⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        8⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        8⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        8⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        8⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        8⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3022.exe
        7⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        7⤵
        
        PID:14076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14076 -s 444
        8⤵
        Program crash
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        7⤵
        
        PID:15664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        7⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
        7⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        7⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11943.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
        6⤵
        
        PID:11892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
        6⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
        8⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        9⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        9⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        8⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        8⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
        8⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
        7⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
        8⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        7⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        7⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        7⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        7⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54423.exe
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
        6⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        6⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-554.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25769.exe
        8⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        8⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        8⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35574.exe
        7⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        6⤵
        
        PID:13452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        6⤵
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
        5⤵
        
        PID:9140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60633.exe
        5⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
        5⤵
        
        PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
      4⤵
      Executes dropped EXE
      PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
        8⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        8⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        8⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        8⤵
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        7⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        7⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        7⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        7⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        7⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        6⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        6⤵
        
        PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
        5⤵
        Executes dropped EXE
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50449.exe
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        8⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54528.exe
        7⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        7⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        7⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        6⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        6⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24617.exe
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        6⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50449.exe
        5⤵
        
        PID:13612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        5⤵
        Executes dropped EXE
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        7⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
        7⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        7⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33184.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49343.exe
        6⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
        6⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        5⤵
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32932.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39372.exe
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        7⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        5⤵
        
        PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        6⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31382.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        5⤵
        
        PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58657.exe
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12586.exe
        5⤵
        
        PID:15848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1318.exe
      4⤵
      PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
      4⤵
      PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
      4⤵
      PID:5592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        9⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        9⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        9⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
        9⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        8⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17159.exe
        8⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22899.exe
        8⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14087.exe
        8⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22369.exe
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        7⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        7⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2682.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        9⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
        9⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        8⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17895.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        7⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        7⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        6⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21041.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        7⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        7⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
        7⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        7⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        7⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53071.exe
        6⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        6⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2578.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        6⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
        8⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        8⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        8⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 436
        9⤵
        Program crash
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
        8⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
        7⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        7⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-222.exe
        7⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        7⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33337.exe
        7⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9600.exe
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
        6⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        5⤵
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24217.exe
        7⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
        8⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51018.exe
        8⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        7⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        6⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        5⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
        6⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        5⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
        5⤵
        
        PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        6⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        8⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
        9⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        9⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        8⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
        8⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16332.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        7⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
        7⤵
        
        PID:15308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47201.exe
        7⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe
        7⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
        7⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46255.exe
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43813.exe
        6⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18825.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-880.exe
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        7⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        7⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        6⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9047.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        5⤵
        
        PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26772.exe
        5⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32593.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        7⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        7⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        7⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31113.exe
        6⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
        5⤵
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        5⤵
        
        PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
      4⤵
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57865.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        6⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        5⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        5⤵
        
        PID:15680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
      4⤵
      PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
      4⤵
      PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40353.exe
      4⤵
      PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11709.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35132.exe
        6⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
        8⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        7⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        7⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33337.exe
        7⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65104.exe
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        7⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        7⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        6⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43065.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        6⤵
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
        6⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
        5⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31471.exe
        5⤵
        
        PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
        7⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        7⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29472.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
        6⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
        5⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29472.exe
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        5⤵
        
        PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3833.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
        6⤵
        
        PID:14484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        6⤵
        
        PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        5⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
        6⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8471.exe
      4⤵
      PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
        5⤵
        
        PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22318.exe
      4⤵
      PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
      4⤵
      PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
      4⤵
      PID:380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        7⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
        7⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        6⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        6⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        6⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        5⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22369.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        6⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23326.exe
        6⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        6⤵
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54528.exe
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50119.exe
        5⤵
        
        PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
      4⤵
      PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
      4⤵
      PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25990.exe
      4⤵
      PID:13732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
      4⤵
      PID:624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        5⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        5⤵
        
        PID:9672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14936.exe
        5⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        5⤵
        
        PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
      4⤵
      PID:5304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
    3⤵
    PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
      4⤵
      PID:15572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
      4⤵
      PID:8384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
    3⤵
    PID:9192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
    3⤵
    PID:11992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
    3⤵
    PID:13380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
    3⤵
    PID:10136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        9⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
        9⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        9⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        9⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33184.exe
        8⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        8⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        8⤵
        
        PID:13980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13980 -s 444
        9⤵
        Program crash
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        8⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26480.exe
        7⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
        7⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
        6⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7851.exe
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        8⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        8⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        7⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        7⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
        6⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11102.exe
        6⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        7⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        7⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38533.exe
        6⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
        5⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        5⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60103.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        5⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        5⤵
        
        PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32385.exe
        8⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57865.exe
        9⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        9⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        9⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        8⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        8⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
        8⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8959.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        7⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30537.exe
        7⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32277.exe
        7⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        7⤵
        
        PID:15268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15268 -s 464
        8⤵
        Program crash
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        7⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
        6⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24109.exe
        6⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        7⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        7⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55679.exe
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29020.exe
        6⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        6⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58994.exe
        6⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13399.exe
        5⤵
        
        PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2267.exe
        5⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        6⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        7⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        7⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        6⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46345.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        5⤵
        
        PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
      4⤵
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29329.exe
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        6⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        5⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        5⤵
        
        PID:15428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
      4⤵
      PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
        5⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
        5⤵
        
        PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
      4⤵
      PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41313.exe
      4⤵
      PID:12748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
      4⤵
      PID:5900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        6⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        8⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        8⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49310.exe
        8⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
        7⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        7⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        7⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60671.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46768.exe
        6⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        6⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        6⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        6⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25990.exe
        5⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        5⤵
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44955.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        7⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        7⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        6⤵
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62139.exe
        5⤵
        
        PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21735.exe
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60608.exe
        5⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
        5⤵
        
        PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
      4⤵
      PID:8912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
      4⤵
      PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
      4⤵
      PID:15308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        5⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        7⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
        7⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29472.exe
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16036.exe
        6⤵
        
        PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        5⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
        6⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
        5⤵
        
        PID:10844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6006.exe
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
        5⤵
        
        PID:10204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        6⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        5⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
        5⤵
        
        PID:8440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10302.exe
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        5⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
        5⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
        5⤵
        
        PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
      4⤵
      PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
      4⤵
      PID:13720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
      4⤵
      PID:11180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39859.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
      4⤵
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35575.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
        6⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        6⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        6⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        5⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62051.exe
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        5⤵
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        5⤵
        
        PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
      4⤵
      PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
      4⤵
      PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50426.exe
    3⤵
    PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
      4⤵
      PID:8052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
      4⤵
      PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
      4⤵
      PID:14356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
      4⤵
      PID:9844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11527.exe
    3⤵
    PID:4160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25257.exe
    3⤵
    PID:10028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
    3⤵
    PID:15260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29493.exe
    3⤵
    PID:1248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45026.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45026.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        7⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        8⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24862.exe
        8⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
        7⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57121.exe
        7⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        7⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
        6⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23130.exe
        6⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25074.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
        7⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe
        7⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
        6⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
        6⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        5⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10039.exe
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
        5⤵
        
        PID:12744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4114.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        5⤵
        
        PID:5616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 468
        6⤵
        Program crash
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        5⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        6⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
        6⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
        5⤵
        
        PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        5⤵
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        5⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48768.exe
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        5⤵
        
        PID:15328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
        5⤵
        
        PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
      4⤵
      PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe
      4⤵
      PID:15584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45516.exe
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-904.exe
        7⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        7⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        6⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46080.exe
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        5⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
        5⤵
        
        PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        5⤵
        
        PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36295.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        5⤵
        
        PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
      4⤵
      PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
      4⤵
      PID:13468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
      4⤵
      PID:8252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24217.exe
        5⤵
        
        PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        5⤵
        
        PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
      4⤵
      PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
      4⤵
      PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
      4⤵
      PID:15384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
      4⤵
      PID:10464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
    3⤵
    PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
      4⤵
      PID:7444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
      4⤵
      PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
      4⤵
      PID:15316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37878.exe
      4⤵
      PID:9292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
    3⤵
    PID:8340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
    3⤵
    PID:11716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
    3⤵
    PID:13792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        5⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe
        6⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        7⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        6⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30364.exe
        6⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        6⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
        6⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37354.exe
        5⤵
        
        PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7851.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38073.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        6⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        5⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
        5⤵
        
        PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
      4⤵
      PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        5⤵
        
        PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
      4⤵
      PID:9988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
      4⤵
      PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57168.exe
      4⤵
      PID:15824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44571.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
      4⤵
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        6⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
        6⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        5⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
        5⤵
        
        PID:15952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
      4⤵
      PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
      4⤵
      PID:12708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
      4⤵
      PID:5744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3833.exe
    3⤵
    PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
      4⤵
      PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
      4⤵
      PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
      4⤵
      PID:9860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
    3⤵
    PID:7868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe
    3⤵
    PID:11592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
    3⤵
    PID:436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe
    3⤵
    PID:8360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
      4⤵
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        6⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28055.exe
        7⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
        6⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        6⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13996 -s 436
        7⤵
        Program crash
        
        PID:16308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13996 -s 424
        7⤵
        Program crash
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
        6⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6563.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26226.exe
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23641.exe
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        5⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        5⤵
        
        PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
      4⤵
      PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
      4⤵
      PID:10696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
      4⤵
      PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
      4⤵
      PID:15468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
    3⤵
    PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        5⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        5⤵
        
        PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
      4⤵
      PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29472.exe
      4⤵
      PID:13972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
      4⤵
      PID:10304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
    3⤵
    PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35473.exe
      4⤵
      PID:10764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60608.exe
      4⤵
      PID:13908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
      4⤵
      PID:6064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
    3⤵
    PID:10012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
    3⤵
    PID:12864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
    3⤵
    PID:15192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
    3⤵
    PID:16356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
    3⤵
    PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
      4⤵
      PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
      4⤵
      PID:13460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
      4⤵
      PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
    3⤵
    PID:7672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
    3⤵
    PID:11540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
    3⤵
    PID:15228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36260.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36260.exe
  2⤵
  PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32593.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
    3⤵
    PID:12932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
    3⤵
    PID:4028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22454.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22454.exe
  2⤵
  PID:9200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
  2⤵
  PID:11760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61982.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61982.exe
  2⤵
  PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5616 -ip 5616
1⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 15268 -ip 15268
1⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 13980 -ip 13980
1⤵
PID:7980

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe

Filesize
468KB

MD5
37532e7173e2e1c517dd915ef7c211ea

SHA1
588c4c4a82e89123d713438f0f6795fa19e9059e

SHA256
cf67504fdb3a0f43be69036a25fc4de779054dabd73c02802406e1cb338349cd

SHA512
72b3772cdad9c964552248e498e35d3f41a8c35447d6b25a7331fd3691eea691d3de087d753441e8f9be19424a498789a4100fea2077e3ba8aa0a8bebe4eee98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe

Filesize
468KB

MD5
00ba0cc50474d997e82cd6ad5609c003

SHA1
d44cef1c34d251c5746b369eb5e0a61454492d49

SHA256
6fa6b77d6a02ac0b5c218c6b648de7d1e2202e17ba75bca733a496f5c6478460

SHA512
1ccabbfe8f2b978bc23f3f15a9dfd24ab23e513ca327473389e598b0fb5548b7aec2b54fd367a4b4d2d5214772c3b568bec2da7456e5820bbb425ceb0fb3a8a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe

Filesize
468KB

MD5
588272a99e0ad271cf1534139a8c05d3

SHA1
e3021d21646e5fe27e6318fef8d35c4eeb5a223c

SHA256
02b253ec8f0139565ddbc06bbb95d361611ff007d56cc87b85a692c03ff8ac1a

SHA512
1d82c2df2d1b518e7063ea7f1625a1c1f1cb424c7f9a7875763c1dad5d279f1fccaf393ec67a35d0346e6657289c9273df98de479871e73238352b8b010c79ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe

Filesize
468KB

MD5
7c370e964278d3ef2595049f2208e51c

SHA1
8b25aae609bbdf6d3f3e6f51de002d7595e0e014

SHA256
75d50fbf0170b86a0b8368de65e3433e0d0d9ded12189973a383c1a25a2c47a5

SHA512
3487ba6f99b20766fa968fb18d29a787b1d5c2fcce0e301b71bab1e5f49a218988a2d565d0d14fad2d1973c5039e3ecdb7425b9228853c9750fb1b9bad7a75b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe

Filesize
468KB

MD5
6af924baa7bcb7470f94cdf741cf8384

SHA1
7efd25576dab1465b6ec0b7ec3ae0ea27668a9a1

SHA256
40841e4d30575006d89601b965e348776e50ffe974f6d6e94c2f387deb99e6fe

SHA512
329509bd62936bfc36a0a4ac8e58b67f620dc20e85cd0a51c821277e34186e8ccee6fd3f198fc356a738d871bdb77733d9048c85eaa1ad4a49f46cbc34290d79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe

Filesize
468KB

MD5
1b7cac0737ed1faaa6583ab8808c13e5

SHA1
25fb48c4db268947804d8d13e324438d6032351b

SHA256
a3771cea9cc8d035695a7b034679200db6a18225fcd1a663f597a84b4570aaeb

SHA512
01d73a3b90f80fdb5f9fdcf61b504f2eae6cd44675e607082fa1f852c0e31cb2202fa71747c79d591b95771c1f67082b7d686fea9378e67966680407a0cd23e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe

Filesize
468KB

MD5
7428c3d5bc249fd8bd37a99d4a231689

SHA1
07979b3efacf917e7bc0e8e3b62704470d26563e

SHA256
d4c427d68ed925a1469a9c5952e64b6a382f653b16fe10917bac067351d2262e

SHA512
aad1d35886fc8c061d8485d243ea8dd0c0ea45279d11ceb5b183816e819436fa8719beeaad62e0e109983af73e1faf919c80eb4b303cce6439d3077e992fcdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe

Filesize
468KB

MD5
d70b1a943352c870797f867ff66f885d

SHA1
938ad54f6dc7c511a007691afc6aa114f638c0a5

SHA256
0e1694a34d5e82212b72b26cb6e2910a1096d933ca2f7e05e053b681b24ebbfb

SHA512
4235d4832477e626dd878aae5753478a91180b95c0e69feb739aea07bb80acf67d6595421128c5c23334884760021668c4c5ad4246ee363eca3413cabf3cdb05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe

Filesize
468KB

MD5
c41ef7db975d6c30d652e563537d2556

SHA1
9073faaeab8ab22f3edfadcb17e636f63f4e3b47

SHA256
e497ad200731803be0fde38ebec460d95dec5ab0c272e481389a7883b02eff9c

SHA512
a8b5a9aa8426a25ece92584a1d72d9f38eb469597993f1cbc4833db2ce4673b4d3d4877e8c80f8abc2be12d6b30dc82a0128ff2fae2620789502ea42ee649268

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe

Filesize
468KB

MD5
548661ecf40e86765c614a59ba563376

SHA1
451af62fbad5f6fe4032925c89dad45147f27796

SHA256
b311d3bbc6c289c75235abb7ec494e5859a6255c929d566090acd190d9584602

SHA512
40b6669843e1e184cd063505873edcdc296c247d633cce90d56853201d992c6c06ed6f176ef0f8319292d2c7a5ec1510575733d39f074e567ce59d1b2625ed4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe

Filesize
468KB

MD5
61b7173ed5e6cb05c3553dd2fbe38333

SHA1
9a0bd475a6ce39fb57bd64e40ea66af0e9228df8

SHA256
42b4485b5f7eaae9b77a756377e6ac303b53c0406a292986e206c18cc3fce775

SHA512
09d9e112b20c033ad777c302c4d7037f43a26c022667ba57a3ea5ad8cbb6b2be2c23d22ea34bbb1d0a1575cd3b47d57ee4eca5ed64f5d8a982fec9548149fc2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe

Filesize
468KB

MD5
42c2ee31b75533475f32c0729a399108

SHA1
b75342b29d476da5854bbddd0a0bda811deabb17

SHA256
0c06ff0e7f7a9c8f6e7a1afe7d318e9938efc9f1d09f1c4755fb9041c5da4f39

SHA512
baf16a442ac2183266712cc816a953342987b14a530ff6953410d42d37d2664bfd48402fdb5a7fa0175a2fb998cb2905478841c60eabc0004ebe925f2025dbc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe

Filesize
468KB

MD5
c1643d917ba1c51084b09d4e2e59d08a

SHA1
5b381e501b20021ce555d2ede216179921005e9a

SHA256
acacd15b70274e752947f4c1327d10c4cb351e36604f675751b3f1e879c11049

SHA512
467df893c533660d4eafc679afc77d3bc183957f74374808f3d1d4f3bfcfdf51a3ee09e22c30ab350c7bc1aefc2bfe3341821ced04d63b5090b92755692be8d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3891.exe

Filesize
468KB

MD5
1a3f5120ea4daa249c0a0c4471ea8051

SHA1
6ae36f3319ea589b5ad0effc4b4d53d2feced683

SHA256
79d0e2314b3b6bd5bc15baee766e22df6e4c6dde9121588d2a6b875c0c7f5a73

SHA512
6d7f2080dfe6443af0d5beb3fc92cdf45809ee3becb81d509ab364e54e351f846ce8de78e50229841b2030ec55960c6aba8191f022b2e599df2490f03ffc0ff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe

Filesize
468KB

MD5
352debcf03bef78f3e568d13f51bd985

SHA1
017701a811e06f899c6a30cb6a4f62b51cbf2295

SHA256
98eb0f88295ea28a358d4e6cde6dd7c9669d5f11439766912724d01c0ccc6c1f

SHA512
63f33652bc71c4724ea73fb6870d4bb432a70ad4a0899d4c01b731a7e08f611926d0ddd1a266edde26da2e070fd817af7ef73c21a0b79140ec66e1ad10bfa15c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe

Filesize
468KB

MD5
b4eafdb652d978220cb30e3c0f474f31

SHA1
51254d60daa0254c6aa2e9d02777aa9750abc3c4

SHA256
1945a56cf072c2c8c7d4857b0eda110c9fab162bf7ca79cc9579c8072eff12d2

SHA512
fc03ea00db4ef4cbdeb20922c50abdc74847520a880f183fd17b526ed00180be29682bfa2f012946be3f07d501c6d3079394cfbc59a408139aa03be010aa9f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe

Filesize
468KB

MD5
c3da1e2e309fb04bf09650871e27eac6

SHA1
2a667c3b8e611cde2f055767d4d3935c6b4017c0

SHA256
b0f2c245e84a32468a3da9c8e5018dd224cb1e16373ac2d7a3e9c045aab3b86a

SHA512
2e490420d0ef13c55a140f3e8340868d21fe8a44329e2c89f46ec03aefc410ffe0e90d1fcf4f900644168225cd6f60d40c7c3ae171604b5c5576b81ce5787643

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe

Filesize
468KB

MD5
66c4be1716658c4bd09d1e9c32d3c2b2

SHA1
9c216006b6ddd3664bccb3f9b9287023fcfaf071

SHA256
edadc515450b646addeeefcaae976809c462a899e0d0f6969c45cf1f6713881d

SHA512
46327ab1c2e9cebcf8889fe9fb085dce7b5c19c1f30bcba1a74c2cb844bc0847640a5e880d224fed9f65fb89bfa4d575074718595b9615b02f9131e8159dbf9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe

Filesize
468KB

MD5
53b57d941f4f82bddc46b6f912b5e0ef

SHA1
cccf56d5c27e3d1fa3c4e47a92cd9eab4f7c14ce

SHA256
c4199e68d42131154cad478e37e08991bfe1a54f65ed499b7755b30a45307f35

SHA512
3ace8e1b8e9acd5a176270488fb759f32fe6d3ba985223197c623bae87a9d19d0efd59a8c1b878cff626705f6b192eeb11049537ec5555f640c23b307227e61e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe

Filesize
468KB

MD5
4a4ba0aadd5c9ab5fd0ffb4acd203cd4

SHA1
688f41d5e99d658eb45d9575c52ef39556018a4c

SHA256
562e6c5a1c2dcf7651d02419d025e4238b23905bbcd181f7b963bc9eb4661c05

SHA512
15427686aa1ec3b9d22fed122522c69aa96ea81d1791019bef6f062d9c3a11dca3fee1508f4febf871f74a11550a0caa2d870ab6777ee793e24b28aa5644629c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe

Filesize
468KB

MD5
b103986eab2f773d67a45b340fd3b630

SHA1
7e8822559038dbcc6c82bd2ea717cb1fd1139a44

SHA256
93bdb14a57b3545e609eb6ebb2be666034c570f4215a92c97482c16eeb26923e

SHA512
e56ce392f5fbb6176df485036fc54882e3ff5912e09309d495af998dec425f1e5c10a09042664b92e6096d9ca5e79b38ea10bc0b243aac02a83e66e948bf997c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45026.exe

Filesize
468KB

MD5
8929dc87dd780a62a70b540a9003b7d3

SHA1
37ef42d83c68eb330e37dd40944360e1a8d6e45b

SHA256
415c5f5edb42cd8163f8ce4645c9e320f545e5c37c92cdba6dbe31c53d3f14a0

SHA512
eebba03710646be36223f270ccea78bb6fe70c5e0ecc420723e0a390e63f0926f42042d032d1102c348a1cf704eb61f20e872b6c4c8a531ac7ce763e22f04be0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe

Filesize
468KB

MD5
557e22417fad07a506ca19767d63f292

SHA1
939e3c2747fe4ced6a0c0954aa2a0b7ebad03398

SHA256
e92e4550e4e5044bfd865dedc11e116dc5788c399cb0ded672f6600a502f4241

SHA512
b56a2be38cd792124e2046db387b8876fd4161b13d420f31bd6c9fc2879a1f8da20d7e8cb6ef0aa9f43e86857c18459725b91e9252851184d90aa8ffd2b3a5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe

Filesize
468KB

MD5
19300e6a21ab28c7a264798363a9ed44

SHA1
20f2432fecc6507947a07591a52a8ee686c72a4f

SHA256
7dc49949aa20bb1d8054bebf3ced78a2f1baf57927486f9527f1e350b3c31469

SHA512
12628d4b29d1542e0d2df4552f6996d392cdc9ccb5f510cabc4e67b19ac3911cdded13f0a8fe0b79d7e3702bbe0e121724d06896efc509e1b83268fe20610792

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe

Filesize
468KB

MD5
17df46fe39928b8610aafefa405d389b

SHA1
904701fc44825a1cf53295b83957187b6a3d099e

SHA256
69078bb69fd7fb5bde1ac395bcdc466c5e8eb18856ad93291f99d5e7c8b40501

SHA512
d8e063e51fe8fecf9bd06b519eb814f758ad56105ea86e22f4fbad6911cfd016c3e5b01cd5a123812544c63c455a7766aa50d7124b5c12077e7e23ff5e3e07ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe

Filesize
468KB

MD5
1ff2d007754ac7106e16a9925ad913dd

SHA1
5943cc7d450fb0a20ca57014d3e40c003f62bbd0

SHA256
502c5daebc4748042bf1937f9486ba393207c1239ea454d348c739bb124855ec

SHA512
2c2756bdc4f40edd150ba4fa885698961944840bae7064d3e797d3ea526f9f44e2ee6d9c66fd3e219ef1283c751984bc7eeb22fd86669ae02569b5b5f169be58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe

Filesize
468KB

MD5
4d1ac1e1304781d523d4fac0321d966b

SHA1
8dfb78effcdd553ae8bd507e296c1effb260b836

SHA256
9dff88f84329efde575e3df3ad932e7bcbb9ce6829c61b53de400d85d0cb95ef

SHA512
5c7412abac848f3c30349dc7e89f0d14405881d7b4419ccd50fead692e6878a63d4e3a1e3db389fc5248c53824d82af8488844fb728f0b2e28ec001e54dbf625

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe

Filesize
468KB

MD5
9fd670d6780745576768510fd2e6d52b

SHA1
7700acbc73ec049531460d97cb7222972586cda2

SHA256
a149e677d9f74c340f00ded8a05e5b593e4a1aea39d948003140fd760ecf9579

SHA512
bf78f0c463b413c7bc27352ac34eeabfa852eb4da88b06143783001df4db4ff165c9f51fb7b0aa073c605889866187dd62ccf0e8a2183e367da8f54330f133e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe

Filesize
468KB

MD5
96c3351ae4dc574f073a24dc26e10c0b

SHA1
3858c4fa238ba0ca8eeae387235b2ad71a5c1d93

SHA256
f76dc94fd3ba9e6407a8262da0a7841b07c58d4599df57d76dda20aff05cbabb

SHA512
d1bd0e571d79c954479ff6145cfaca869e5c46aaaafddd01ef305ca28b291488127209f2d7f9d02e4655cddaf25dba3151aba0083d26cf3342f56ec7ac94a627

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe

Filesize
468KB

MD5
c3c05ab676aa7ce170e0dee62623a506

SHA1
dc985b51a93616620f5370d92f551db0d77cee2a

SHA256
4fc30f33ceff5378791a8835624fabe69129ec6035f40eff15f426e8182c4f6a

SHA512
25c12e1fc03c341abacbfccfb94ab7cb16d1aaab351834d0f7cd04a0c2ecd3c06a6085b88e6bc195518e96e3e45265b0043691d97630ef7f058b65ae70d0172a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe

Filesize
468KB

MD5
590774440294b52050c0949d8f44018b

SHA1
baa0497d7765bf66d85f01db7ba4b22ca9f20cab

SHA256
376dab67056feb3a5728ed59137305b3c279b00322fccf209172b99a5bb2db86

SHA512
651ad4374d157bd21eb879bbb714e135e08834790663cedc070a1f47c9491c2450ba2b6d0e95c64f21281f4b02f847b6cba4c16eeacb98ad0d17aaebae1e4338

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe

Filesize
468KB

MD5
dfffbb0a3e8a94d4d595cd85dd7901fb

SHA1
a6e01c8243e869e45809e0ecc566f7437a4b9b4a

SHA256
c810442a736474bbbcd589a08cb3bcfe11a9463c77aa4d1eafedad15627c516f

SHA512
7dac1438e59e515c16343319aa4b2488a5a89145103a8b8e31d246747fb93f3623a06d5f3304d8e8bd976bc059cd22740a0b0ce1fc4ba9a763fb7e9a86eaa790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe

Filesize
468KB

MD5
d00c91b4a4b93c6347498e5be5c02a3f

SHA1
f698fe3f044882e37b518770ee3f353e07998db7

SHA256
27730babe28c7fc977f5311d914e1d6e2a1961acca6baa108106e90229734945

SHA512
372ecc0e2fa7ca7442cc4c8ab3b7cfad3484003a555d6f978a8a81b8437ac076559879e677960bc46b2f51553ece630326dd7e9702f84bcc0af623053f002f2f

Download Submit
memory/64-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/404-471-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/412-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/536-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/540-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/632-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/668-478-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/908-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1032-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1044-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1076-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1132-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1156-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1228-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1328-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1340-131-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1436-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1452-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1464-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1496-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1576-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1692-504-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1768-470-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1784-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1800-110-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1928-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1948-513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2040-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2060-218-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2096-510-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2108-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2220-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2280-472-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2456-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2532-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2832-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2844-492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2868-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2896-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2916-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3004-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3044-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3056-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3104-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3108-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3200-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3316-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3420-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3448-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3460-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3472-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3512-38-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3560-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3620-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3664-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3756-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3800-2571-0x0000000075D00000-0x0000000075D7B000-memory.dmp

Filesize
492KB

Download
memory/3800-150-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3808-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4032-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4060-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4092-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4132-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4224-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4284-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-185-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4320-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4344-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4380-20-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4388-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4396-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4460-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4488-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4568-468-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4772-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4784-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4852-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4880-502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4892-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4900-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5000-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5000-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5008-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5028-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5108-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5108-2572-0x0000000075D00000-0x0000000075D7B000-memory.dmp

Filesize
492KB

Download
memory/5112-149-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5180-505-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5240-506-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5384-519-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5408-534-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5460-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5476-536-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads