2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8

Analysis

max time kernel
139s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe
Size

468KB
MD5

79bbdaa3cc8dd14eac66837a133e992f
SHA1

f4fcc1bc23cbabde14f64cae140102192f9b5a28
SHA256

2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8
SHA512

0236fb6e8f85e67f0691cd576a50bcdb95660b5cbe9df2af3d54c1712221dc79d219b9e207edf8412982068551a2acc0bf77d568fd5fc02c02b89e773286c3d5
SSDEEP

3072:mrz7ogKxjz8UFbYWPz3yqf8/Eptj7PpgPmHx+lOKEln0AWo1SDlk:mrfotAUF1PDyqf/Bt8El07o1S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4100	Unicorn-62612.exe
3228	Unicorn-53458.exe
1668	Unicorn-52067.exe
4380	Unicorn-14345.exe
2876	Unicorn-49711.exe
2116	Unicorn-57324.exe
3164	Unicorn-55278.exe
1176	Unicorn-21336.exe
4656	Unicorn-37764.exe
464	Unicorn-13167.exe
4476	Unicorn-33588.exe
1704	Unicorn-33588.exe
32	Unicorn-13722.exe
2688	Unicorn-6680.exe
3864	Unicorn-5554.exe
1496	Unicorn-18368.exe
5040	Unicorn-54309.exe
2420	Unicorn-44024.exe
3844	Unicorn-56011.exe
2236	Unicorn-60360.exe
3396	Unicorn-64444.exe
3664	Unicorn-64444.exe
2980	Unicorn-64444.exe
1868	Unicorn-44579.exe
1812	Unicorn-62398.exe
4484	Unicorn-48663.exe
4684	Unicorn-2991.exe
4840	Unicorn-18565.exe
3712	Unicorn-21365.exe
4032	Unicorn-10536.exe
1692	Unicorn-61128.exe
4468	Unicorn-60936.exe
4972	Unicorn-11827.exe
3160	Unicorn-10173.exe
3928	Unicorn-10173.exe
1636	Unicorn-60558.exe
3936	Unicorn-62451.exe
3200	Unicorn-45368.exe
2792	Unicorn-6473.exe
1332	Unicorn-18460.exe
3512	Unicorn-18726.exe
772	Unicorn-251.exe
5024	Unicorn-39146.exe
972	Unicorn-39146.exe
2040	Unicorn-24756.exe
3364	Unicorn-64827.exe
4364	Unicorn-4335.exe
2276	Unicorn-55482.exe
1836	Unicorn-45944.exe
2736	Unicorn-26078.exe
4776	Unicorn-17910.exe
1740	Unicorn-17910.exe
4340	Unicorn-49763.exe
4404	Unicorn-43898.exe
1892	Unicorn-43898.exe
396	Unicorn-30162.exe
1776	Unicorn-2773.exe
220	Unicorn-23093.exe
1976	Unicorn-9358.exe
1472	Unicorn-29224.exe
4900	Unicorn-7433.exe
1628	Unicorn-19420.exe
1404	Unicorn-54496.exe
3516	Unicorn-24324.exe

Program crash 28 IoCs

pid	pid_target	Process	procid_target
3520	4380	WerFault.exe	85
4652	3864	WerFault.exe	96
1408	1704	WerFault.exe	94
5176	2980	WerFault.exe	108
6056	1628	WerFault.exe	157
5788	1976	WerFault.exe	153
6328	1472	WerFault.exe	154
8044	2276	WerFault.exe	141
7856	5752	WerFault.exe	237
7896	1740	WerFault.exe	145
7280	5692	WerFault.exe	211
9208	5504	WerFault.exe	204
552	5560	WerFault.exe	207
9360	5108	WerFault.exe	233
6060	4484	WerFault.exe	111
11008	5252	WerFault.exe	273
11212	6588	WerFault.exe	278
12740	7296	WerFault.exe	371
12732	7412	WerFault.exe	337
11932	6108	WerFault.exe	228
12844	5324	WerFault.exe	199
15256	5200	WerFault.exe	236
5680	6096	WerFault.exe	267
1508	6180	WerFault.exe	243
7068	1296	WerFault.exe	279
6348	7404	WerFault.exe	336
13276	6012	Process not Found	271
13272	5112	Process not Found	169

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27250.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15408	dwm.exe
Token: SeChangeNotifyPrivilege	15408	dwm.exe
Token: 33	15408	dwm.exe
Token: SeIncBasePriorityPrivilege	15408	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe
4100	Unicorn-62612.exe
3228	Unicorn-53458.exe
1668	Unicorn-52067.exe
4380	Unicorn-14345.exe
2876	Unicorn-49711.exe
2116	Unicorn-57324.exe
3164	Unicorn-55278.exe
1176	Unicorn-21336.exe
4656	Unicorn-37764.exe
4476	Unicorn-33588.exe
464	Unicorn-13167.exe
1704	Unicorn-33588.exe
32	Unicorn-13722.exe
3864	Unicorn-5554.exe
2688	Unicorn-6680.exe
1496	Unicorn-18368.exe
5040	Unicorn-54309.exe
2420	Unicorn-44024.exe
3844	Unicorn-56011.exe
4484	Unicorn-48663.exe
3664	Unicorn-64444.exe
1868	Unicorn-44579.exe
2980	Unicorn-64444.exe
3396	Unicorn-64444.exe
1812	Unicorn-62398.exe
4684	Unicorn-2991.exe
3712	Unicorn-21365.exe
4840	Unicorn-18565.exe
2236	Unicorn-60360.exe
1692	Unicorn-61128.exe
4032	Unicorn-10536.exe
4972	Unicorn-11827.exe
4468	Unicorn-60936.exe
3160	Unicorn-10173.exe
3928	Unicorn-10173.exe
1636	Unicorn-60558.exe
3936	Unicorn-62451.exe
3200	Unicorn-45368.exe
2792	Unicorn-6473.exe
1332	Unicorn-18460.exe
3512	Unicorn-18726.exe
5024	Unicorn-39146.exe
772	Unicorn-251.exe
3364	Unicorn-64827.exe
972	Unicorn-39146.exe
2040	Unicorn-24756.exe
4364	Unicorn-4335.exe
2736	Unicorn-26078.exe
1836	Unicorn-45944.exe
4776	Unicorn-17910.exe
2276	Unicorn-55482.exe
396	Unicorn-30162.exe
4340	Unicorn-49763.exe
1892	Unicorn-43898.exe
1740	Unicorn-17910.exe
4404	Unicorn-43898.exe
1776	Unicorn-2773.exe
3516	Unicorn-24324.exe
4900	Unicorn-7433.exe
1472	Unicorn-29224.exe
1976	Unicorn-9358.exe
1628	Unicorn-19420.exe
220	Unicorn-23093.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 184 wrote to memory of 4100	184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe	82
PID 184 wrote to memory of 4100	184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe	82
PID 184 wrote to memory of 4100	184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe	82
PID 4100 wrote to memory of 3228	4100	Unicorn-62612.exe	83
PID 4100 wrote to memory of 3228	4100	Unicorn-62612.exe	83
PID 4100 wrote to memory of 3228	4100	Unicorn-62612.exe	83
PID 184 wrote to memory of 1668	184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe	84
PID 184 wrote to memory of 1668	184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe	84
PID 184 wrote to memory of 1668	184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe	84
PID 3228 wrote to memory of 4380	3228	Unicorn-53458.exe	85
PID 3228 wrote to memory of 4380	3228	Unicorn-53458.exe	85
PID 3228 wrote to memory of 4380	3228	Unicorn-53458.exe	85
PID 4100 wrote to memory of 2876	4100	Unicorn-62612.exe	86
PID 4100 wrote to memory of 2876	4100	Unicorn-62612.exe	86
PID 4100 wrote to memory of 2876	4100	Unicorn-62612.exe	86
PID 1668 wrote to memory of 2116	1668	Unicorn-52067.exe	87
PID 1668 wrote to memory of 2116	1668	Unicorn-52067.exe	87
PID 1668 wrote to memory of 2116	1668	Unicorn-52067.exe	87
PID 184 wrote to memory of 3164	184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe	88
PID 184 wrote to memory of 3164	184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe	88
PID 184 wrote to memory of 3164	184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe	88
PID 2876 wrote to memory of 1176	2876	Unicorn-49711.exe	89
PID 2876 wrote to memory of 1176	2876	Unicorn-49711.exe	89
PID 2876 wrote to memory of 1176	2876	Unicorn-49711.exe	89
PID 4100 wrote to memory of 4656	4100	Unicorn-62612.exe	90
PID 4100 wrote to memory of 4656	4100	Unicorn-62612.exe	90
PID 4100 wrote to memory of 4656	4100	Unicorn-62612.exe	90
PID 4380 wrote to memory of 464	4380	Unicorn-14345.exe	91
PID 4380 wrote to memory of 464	4380	Unicorn-14345.exe	91
PID 4380 wrote to memory of 464	4380	Unicorn-14345.exe	91
PID 2116 wrote to memory of 4476	2116	Unicorn-57324.exe	92
PID 2116 wrote to memory of 4476	2116	Unicorn-57324.exe	92
PID 2116 wrote to memory of 4476	2116	Unicorn-57324.exe	92
PID 3164 wrote to memory of 1704	3164	Unicorn-55278.exe	94
PID 3164 wrote to memory of 1704	3164	Unicorn-55278.exe	94
PID 3164 wrote to memory of 1704	3164	Unicorn-55278.exe	94
PID 3228 wrote to memory of 32	3228	Unicorn-53458.exe	93
PID 3228 wrote to memory of 32	3228	Unicorn-53458.exe	93
PID 3228 wrote to memory of 32	3228	Unicorn-53458.exe	93
PID 184 wrote to memory of 2688	184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe	95
PID 184 wrote to memory of 2688	184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe	95
PID 184 wrote to memory of 2688	184	2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe	95
PID 1668 wrote to memory of 3864	1668	Unicorn-52067.exe	96
PID 1668 wrote to memory of 3864	1668	Unicorn-52067.exe	96
PID 1668 wrote to memory of 3864	1668	Unicorn-52067.exe	96
PID 1176 wrote to memory of 1496	1176	Unicorn-21336.exe	101
PID 1176 wrote to memory of 1496	1176	Unicorn-21336.exe	101
PID 1176 wrote to memory of 1496	1176	Unicorn-21336.exe	101
PID 2876 wrote to memory of 5040	2876	Unicorn-49711.exe	102
PID 2876 wrote to memory of 5040	2876	Unicorn-49711.exe	102
PID 2876 wrote to memory of 5040	2876	Unicorn-49711.exe	102
PID 4656 wrote to memory of 2420	4656	Unicorn-37764.exe	103
PID 4656 wrote to memory of 2420	4656	Unicorn-37764.exe	103
PID 4656 wrote to memory of 2420	4656	Unicorn-37764.exe	103
PID 4100 wrote to memory of 3844	4100	Unicorn-62612.exe	104
PID 4100 wrote to memory of 3844	4100	Unicorn-62612.exe	104
PID 4100 wrote to memory of 3844	4100	Unicorn-62612.exe	104
PID 464 wrote to memory of 2236	464	Unicorn-13167.exe	105
PID 464 wrote to memory of 2236	464	Unicorn-13167.exe	105
PID 464 wrote to memory of 2236	464	Unicorn-13167.exe	105
PID 32 wrote to memory of 3396	32	Unicorn-13722.exe	106
PID 32 wrote to memory of 3396	32	Unicorn-13722.exe	106
PID 32 wrote to memory of 3396	32	Unicorn-13722.exe	106
PID 1704 wrote to memory of 3664	1704	Unicorn-33588.exe	107

C:\Users\Admin\AppData\Local\Temp\2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe
"C:\Users\Admin\AppData\Local\Temp\2295eb5d30d2e0d9b7d6330b06eba943b901ad8416b9d761d82e67b5f0e8add8.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62612.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62612.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        8⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17242.exe
        9⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4081.exe
        10⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        10⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        10⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
        9⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        10⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
        9⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44167.exe
        9⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
        9⤵
        
        PID:16072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 724
        8⤵
        Program crash
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        8⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        9⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        9⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        9⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        9⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9706.exe
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41898.exe
        8⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        8⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        8⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8635.exe
        9⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        8⤵
        
        PID:15868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50582.exe
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
        7⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8066.exe
        7⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        7⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        8⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        9⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15796.exe
        9⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
        9⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        8⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        8⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
        7⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        7⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        8⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
        8⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
        8⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        7⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        7⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38322.exe
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        6⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26390.exe
        6⤵
        
        PID:16148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 716
        5⤵
        Program crash
        
        PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:32
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        9⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        9⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        9⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        9⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35772.exe
        8⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        9⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        9⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        8⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        8⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        8⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8258.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
        8⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        8⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        7⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        6⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        7⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        6⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        8⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        8⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        8⤵
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe
        8⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        8⤵
        
        PID:16108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        7⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 656
        7⤵
        Program crash
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
        6⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
        6⤵
        
        PID:14140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        6⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        6⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
        7⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        7⤵
        
        PID:14444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        6⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22569.exe
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6654.exe
        6⤵
        
        PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10728.exe
        5⤵
        
        PID:7412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 628
        6⤵
        Program crash
        
        PID:12732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45944.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
        6⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3811.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        9⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        9⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        8⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 668
        8⤵
        Program crash
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        8⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64229.exe
        8⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        7⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
        7⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        7⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
        6⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
        7⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
        7⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        6⤵
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56716.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe
        6⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
        6⤵
        
        PID:14468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49763.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        5⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        7⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        6⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
        6⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        6⤵
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        6⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
        6⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52030.exe
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        5⤵
        
        PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3811.exe
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51754.exe
        6⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        6⤵
        
        PID:12232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        5⤵
        
        PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
      4⤵
      PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12916.exe
        5⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        5⤵
        
        PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
      4⤵
      PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
      4⤵
      PID:10328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        10⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        10⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        10⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56001.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        9⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
        9⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        8⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        9⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        9⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        9⤵
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        8⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        8⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        8⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        8⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
        7⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 640
        7⤵
        Program crash
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48622.exe
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        8⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        8⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        7⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        6⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        7⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29710.exe
        7⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10536.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 716
        7⤵
        Program crash
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54771.exe
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        7⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        8⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56985.exe
        8⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16319.exe
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40021.exe
        7⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23093.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
        6⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5949.exe
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        7⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe
        7⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56352.exe
        7⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
        6⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
        6⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51456.exe
        5⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
        5⤵
        
        PID:12696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
        5⤵
        
        PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
        6⤵
        Executes dropped EXE
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        9⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        9⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        9⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        8⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        8⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        8⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32208.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        8⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        8⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
        8⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        7⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
        6⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        7⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
        7⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        6⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        7⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        7⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51044.exe
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        6⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        6⤵
        
        PID:14764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
        6⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        7⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        6⤵
        
        PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        5⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        6⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
        5⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
        5⤵
        
        PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3811.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
        8⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        8⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18450.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        7⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 656
        7⤵
        Program crash
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exe
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        7⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        7⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        6⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10893.exe
        5⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        6⤵
        
        PID:10784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        5⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        5⤵
        
        PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 636
        5⤵
        Program crash
        
        PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25695.exe
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        6⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe
        5⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47736.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        5⤵
        
        PID:14608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
      4⤵
      PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38468.exe
      4⤵
      PID:9340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
      4⤵
      PID:12552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
      4⤵
      PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
      4⤵
      PID:6844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        8⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        7⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
        7⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16319.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
        7⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        5⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        7⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
        7⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        7⤵
        
        PID:14356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        6⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3991.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        7⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
        7⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
        7⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
        6⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        5⤵
        
        PID:13748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        5⤵
        
        PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
        5⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
        8⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15075.exe
        8⤵
        
        PID:16232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        6⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe
        7⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        7⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 504
        7⤵
        Program crash
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        6⤵
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        6⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        6⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        7⤵
        
        PID:5212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 552
        6⤵
        Program crash
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe
        5⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        6⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
        6⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        5⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42336.exe
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        7⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        7⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        7⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        7⤵
        
        PID:10324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 664
        6⤵
        Program crash
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4146.exe
        6⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        5⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
        5⤵
        
        PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51813.exe
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        5⤵
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
        5⤵
        
        PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
        5⤵
        
        PID:13404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
      4⤵
      PID:11100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
      4⤵
      PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
      4⤵
      PID:16336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        5⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
        6⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        7⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        8⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        8⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        8⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31656.exe
        8⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 636
        7⤵
        Program crash
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5326.exe
        6⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        7⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29874.exe
        7⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34333.exe
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
        6⤵
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        6⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        7⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        7⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57783.exe
        7⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
        6⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        6⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        5⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        6⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        6⤵
        
        PID:12748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        6⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9865.exe
        6⤵
        
        PID:11624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
      4⤵
      PID:412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        6⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55520.exe
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
        6⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        5⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
        5⤵
        
        PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
      4⤵
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        5⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
      4⤵
      PID:7624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe
      4⤵
      PID:11128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
      4⤵
      PID:6136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
      4⤵
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        7⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
        6⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44167.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
        6⤵
        
        PID:16224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24236.exe
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
        5⤵
        
        PID:15248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64884.exe
      4⤵
      PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
      4⤵
      PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15683.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe
      4⤵
      PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe
      4⤵
      PID:10824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2772.exe
    3⤵
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        5⤵
        
        PID:8084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 668
        5⤵
        Program crash
        
        PID:11932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
      4⤵
      PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        5⤵
        
        PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        5⤵
        
        PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
      4⤵
      PID:9296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
      4⤵
      PID:12044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
      4⤵
      PID:15012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41336.exe
      4⤵
      PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
      4⤵
      PID:8460
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 504
      4⤵
      Program crash
      PID:1508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
    3⤵
    PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
      4⤵
      PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
      4⤵
      PID:5268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
    3⤵
    PID:9716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
    3⤵
    PID:3752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59283.exe
    3⤵
    PID:16244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
        7⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50542.exe
        9⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        9⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        9⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55096.exe
        9⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35772.exe
        8⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        8⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        8⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        8⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        8⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        8⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
        7⤵
        
        PID:13216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 720
        6⤵
        Program crash
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        6⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
        8⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        8⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
        8⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49746.exe
        8⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        7⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        7⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
        7⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        6⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3991.exe
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        6⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 720
        7⤵
        Program crash
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        6⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        6⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        5⤵
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        5⤵
        
        PID:208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        6⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32810.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        8⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        8⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        8⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        7⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        7⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        6⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        7⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        6⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29465.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        5⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        7⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
        7⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43172.exe
        6⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
        7⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        7⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        6⤵
        
        PID:16028
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 652
        5⤵
        Program crash
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        5⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        6⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
        7⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
        7⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
        6⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
        7⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        6⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        6⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        5⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        6⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        6⤵
        
        PID:16116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        6⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        5⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        6⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        5⤵
        
        PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
        5⤵
        
        PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56535.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        6⤵
        
        PID:6408
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 632
        5⤵
        Program crash
        
        PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
      4⤵
      PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
        5⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
        5⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        5⤵
        
        PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
      4⤵
      PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        5⤵
        
        PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
      4⤵
      PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
      4⤵
      PID:14840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3864
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 728
      4⤵
      Program crash
      PID:4652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        5⤵
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        7⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        7⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        7⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54273.exe
        6⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        7⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        7⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        6⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        6⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        6⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
        5⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
        5⤵
        
        PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
      4⤵
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        6⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        6⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
        6⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
        6⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16016.exe
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12916.exe
        6⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
        5⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        5⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        5⤵
        
        PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16758.exe
      4⤵
      PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        5⤵
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35740.exe
        5⤵
        
        PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37937.exe
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
      4⤵
      PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe
      4⤵
      PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36800.exe
      4⤵
      PID:9276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        5⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
        5⤵
        
        PID:16040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37591.exe
        5⤵
        
        PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
      4⤵
      PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56559.exe
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59656.exe
        5⤵
        
        PID:15224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29710.exe
        5⤵
        
        PID:10372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
    3⤵
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20942.exe
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
        5⤵
        
        PID:15280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
    3⤵
    PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
      4⤵
      PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
      4⤵
      PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
      4⤵
      PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
      4⤵
      PID:8008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
    3⤵
    PID:8592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
    3⤵
    PID:11296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
    3⤵
    PID:13732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
    3⤵
    PID:14676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exe
        6⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        7⤵
        
        PID:15948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 676
        7⤵
        Program crash
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        6⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        6⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39558.exe
        6⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        6⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        6⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44596.exe
        5⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        5⤵
        
        PID:10768
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 740
      4⤵
      Program crash
      PID:1408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16319.exe
        7⤵
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9706.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        6⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        6⤵
        
        PID:13756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17650.exe
        6⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        6⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        6⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe
        5⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        5⤵
        
        PID:11244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        5⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27421.exe
      4⤵
      PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        5⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        5⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        5⤵
        
        PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
      4⤵
      PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
      4⤵
      PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
      4⤵
      PID:10368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        5⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63012.exe
        6⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43172.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29863.exe
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
        5⤵
        
        PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        5⤵
        
        PID:16056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
        5⤵
        
        PID:15568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
      4⤵
      PID:8652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
      4⤵
      PID:11304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
      4⤵
      PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
      4⤵
      PID:16320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
    3⤵
    PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        5⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        5⤵
        
        PID:15452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
      4⤵
      PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
      4⤵
      PID:12236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
      4⤵
      PID:13460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
      4⤵
      PID:7956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
    3⤵
    PID:7500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
      4⤵
      PID:10344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
      4⤵
      PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
      4⤵
      PID:6256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
    3⤵
    PID:9280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
    3⤵
    PID:12320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
    3⤵
    PID:12732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41771.exe
    3⤵
    PID:10340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        7⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        7⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        6⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        6⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        6⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        6⤵
        
        PID:15796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
        5⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39615.exe
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        6⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
        5⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
        5⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
      4⤵
      PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
      4⤵
      PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        5⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
        5⤵
        
        PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
      4⤵
      PID:6100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
      4⤵
      PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        5⤵
        
        PID:5252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 636
        6⤵
        Program crash
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9706.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44167.exe
        5⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
        5⤵
        
        PID:16304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 636
      4⤵
      Program crash
      PID:7896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3991.exe
    3⤵
    PID:5892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
    3⤵
    PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
      4⤵
      PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
      4⤵
      PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
      4⤵
      PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29710.exe
      4⤵
      PID:10588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
      4⤵
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        6⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        7⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        7⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        6⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
        5⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
        6⤵
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
        6⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        5⤵
        
        PID:14392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
      4⤵
      PID:5752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 636
        5⤵
        Program crash
        
        PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-971.exe
      4⤵
      PID:7296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 636
        5⤵
        Program crash
        
        PID:12740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33941.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41594.exe
      4⤵
      PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
      4⤵
      PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
      4⤵
      PID:5896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
    3⤵
    PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe
        6⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        5⤵
        
        PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
      4⤵
      PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        5⤵
        
        PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        5⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
        5⤵
        
        PID:11408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
      4⤵
      PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
      4⤵
      PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
      4⤵
      PID:14884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
      4⤵
      PID:8108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
    3⤵
    PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        5⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        5⤵
        
        PID:7904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
    3⤵
    PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
      4⤵
      PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41042.exe
      4⤵
      PID:15836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
      4⤵
      PID:11516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
    3⤵
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26269.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        5⤵
        
        PID:10552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
    3⤵
    PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5949.exe
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        5⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        5⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
        5⤵
        
        PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
      4⤵
      PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
      4⤵
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
      4⤵
      PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
      4⤵
      PID:11488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
  2⤵
  PID:5420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
  2⤵
  PID:7332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
    3⤵
    PID:11776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
    3⤵
    PID:6328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
  2⤵
  PID:8568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
  2⤵
  PID:4792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
  2⤵
  PID:14432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4380 -ip 4380
1⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3864 -ip 3864
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 1704 -ip 1704
1⤵
PID:2528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2980 -ip 2980
1⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1628 -ip 1628
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1976 -ip 1976
1⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1472 -ip 1472
1⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1812 -ip 1812
1⤵
PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4484 -ip 4484
1⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2276 -ip 2276
1⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1740 -ip 1740
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5752 -ip 5752
1⤵
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5456 -ip 5456
1⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5892 -ip 5892
1⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2480 -ip 2480
1⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5660 -ip 5660
1⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6044 -ip 6044
1⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5868 -ip 5868
1⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5420 -ip 5420
1⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5184 -ip 5184
1⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4216 -ip 4216
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5340 -ip 5340
1⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 220 -ip 220
1⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1404 -ip 1404
1⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4604 -ip 4604
1⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4900 -ip 4900
1⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 668 -ip 668
1⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4364 -ip 4364
1⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3364 -ip 3364
1⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4032 -ip 4032
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1332 -ip 1332
1⤵
PID:8

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3160 -ip 3160
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4324 -ip 4324
1⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2848 -ip 2848
1⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5504 -ip 5504
1⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5876 -ip 5876
1⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5692 -ip 5692
1⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5884 -ip 5884
1⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6088 -ip 6088
1⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5108 -ip 5108
1⤵
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5560 -ip 5560
1⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4468 -ip 4468
1⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5524 -ip 5524
1⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 32 -ip 32
1⤵
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4840 -ip 4840
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1496 -ip 1496
1⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2688 -ip 2688
1⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3928 -ip 3928
1⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5252 -ip 5252
1⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7036 -ip 7036
1⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6588 -ip 6588
1⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7456 -ip 7456
1⤵
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1228 -ip 1228
1⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 7208 -ip 7208
1⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5444 -ip 5444
1⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3512 -ip 3512
1⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5024 -ip 5024
1⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4776 -ip 4776
1⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6108 -ip 6108
1⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7296 -ip 7296
1⤵
PID:32

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 7140 -ip 7140
1⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6968 -ip 6968
1⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5300 -ip 5300
1⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6772 -ip 6772
1⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5980 -ip 5980
1⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4176 -ip 4176
1⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6136 -ip 6136
1⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7100 -ip 7100
1⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4684 -ip 4684
1⤵
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7412 -ip 7412
1⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7412 -ip 7412
1⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5200 -ip 5200
1⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5324 -ip 5324
1⤵
PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6180 -ip 6180
1⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6556 -ip 6556
1⤵
PID:15296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6096 -ip 6096
1⤵
PID:14388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 7184 -ip 7184
1⤵
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4356 -ip 4356
1⤵
PID:15768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 7544 -ip 7544
1⤵
PID:16080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3200 -ip 3200
1⤵
PID:16240

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 1296 -ip 1296
1⤵
PID:16308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 7404 -ip 7404
1⤵
PID:11220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10536.exe

Filesize
468KB

MD5
1cc5c9812a1e99586361f34fe053d34b

SHA1
4609f1b8af4064d9b8f3a0e8e0605d86e75ada8f

SHA256
b258e34fd536369391bead0e4b11fdc178a34d05102bd82ec034619f24bd84f7

SHA512
c0ec9d6d2aa54894e411f37e2e2f5c21e76e950aeaa6ddd2f7b70d3bd2dfd3fd74b6a7852759789152856d54947a7948810263f13c2534ac6145ea51afe1f15d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe

Filesize
468KB

MD5
293cf0426d876d4581cb0416dcf7f3c9

SHA1
42bfd2779d6ca06ade76e9e1f32b2587c2b225b0

SHA256
9ab338fffc0574533716524439b9df7f015812b3a9ceab4904398aafa3b4ebe5

SHA512
c8f3dcd3effc317204f466a4917edc0ae69b8648df8f75387168364a4d3b43de32e07fbc302d92138ea3d999d325024773063bfba10c139d2958fab88fa05b98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe

Filesize
468KB

MD5
28532185c8b4798836689840b5a8d646

SHA1
a02ceb7235d1e27b96f0f6e3a2a5a40c3a578826

SHA256
9415d80437f1d37132651a48bca22e291c87fb64f62877b267523428096208e6

SHA512
dd52bf216acfc0cc80333bb39758a0727308c76e76986e75f9fd11c7deef81e3dbbfbf143a64dc5cdc1a89d7ef52b179aff3be83ceedc6d757429a85d52871f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe

Filesize
468KB

MD5
376a4f2c94df6d242f5bdc82ffcb716a

SHA1
179e91f7e3933033b990738304d26b08db805040

SHA256
5d8460ef67b79be2e489d8b3acbce1222b9e9cd083b370585d4f22b17f095d64

SHA512
33a2fec4f25f7322885d39bc9f2f8f9067ac3b2732626256bb805517a2b04b4d71d6d36763d17198d7167a324cc4d1416e60d1c6fd320cceb6d99a1b9b2fd5f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe

Filesize
468KB

MD5
3b3843efabc45790bde1533f50bedf97

SHA1
a3d25bb4fb2323ac9d8dd33e2ee1006e55d30721

SHA256
6891d7e1606b25739aed701431d64ab4a494faae3a40f9fccbf6e3a13a7f87bf

SHA512
b2326c7f90c7389e6a60c92a4176c4090a26da85ff9663ed2fba91ae8d57ea212a10f40b6f1dc1d546a9aff697d2da53603dd38131c244bd6aa1f0f0f9b68072

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe

Filesize
468KB

MD5
5c1229a22d67537a826553baa5244768

SHA1
a6afee1e429df6fd2ad9cd991082547529599408

SHA256
fa23f6ae739495d93c2629430c76eb80b99753de3fcfaf7a5c8afb8f95865c42

SHA512
23b8b148f67672418a87def6d54d81ffd84a89d7f3c3eb6777fa738d2990154250e0c382c15c418e09cb5431239c5df8c835d17263933d4b93b00ec10b6d310a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe

Filesize
468KB

MD5
fef43753b6b8a9d1b229f8ada07b90d5

SHA1
1fc75250ef55ae6c4b6d2a53d06372bab2e72f77

SHA256
83c765daa6cff2ecc5f466822ed1cee96095b2c4bba3d92280a78a7e48c3266b

SHA512
354a03e71b22ec1be9434974141d84e872b7e3dfa0d876740eab8f8f74c7a44e6a155a78384ac070b19caf770560834e689afc30bfa83a0441ffc150c9df3be7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe

Filesize
468KB

MD5
0a670415b889b2ee883b66e36f95d6fa

SHA1
4a9100d97e3494c73ac315d5dd5d2348053b9d2c

SHA256
e28c097abe1b01257915ab76ee8807bb0025909cae743d7db817cba72fcd164c

SHA512
c4a6996592333b411f6a1a1f1417766d0036ea665568a70b25bdde128337a8b599096e2faaebb0c08a4d46e00934aeb66c8e86fcfc053f702616b0b646782da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe

Filesize
468KB

MD5
f48a2eeaaab9c5380cc424bed2630669

SHA1
b482ae819b52aba9fc34750f51cac0c5e8cf8891

SHA256
28d11cc67741044cbdd66721aa431b2480e41d2813baafec3d03a855c29a6a6f

SHA512
723d0c5394a9b0d7a75066d3a11c26ce374524d44dd988aeb912e64a0f7bbad2490201e3e208830d36f65e860289e80de4e3ac96bc8c496399c437ba3ae4f7e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe

Filesize
468KB

MD5
4f279623776b6dcc169bfafb39c7a0a9

SHA1
68fb814c4910449143ab0a2161f91f1973869710

SHA256
ad2a77d2de7f74362d28c59286afff0ea0c9086aeb65b6f0e38fe653255481af

SHA512
65f3e1dc1225303382e1b24e06642597f1a1d5c51e0e9e51ce14c1bfe7264a999cb10a1e441500785e4dadf41488cd5c67dce57c92857d862061accf25f9bcb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe

Filesize
468KB

MD5
16ae8494637439709b19d2e412304b0e

SHA1
dadfd57771d471306f5b2e112078346a2b37351a

SHA256
b0d1759fc91f3aa1305d5ce096590968b89094eb5b5a91a76c78f7f46851bfbd

SHA512
65db0d57a9d86f0a5ed61424ced56a127429c38e33bc1f29458de1cf18f45cd3aa0e5ca9bea8ccaa59701adc9d7f23273e929781e1937bb239e089f76ddd8b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe

Filesize
468KB

MD5
2f4c2edf4eec755e6c166e738854693c

SHA1
c97ecfd1783dfa673fb064b99c6e9ccbf4c52626

SHA256
89d02bf989466adb9e420eb76a56ab3dc7a807f65d5099ab68da9903f6cff69d

SHA512
4393a0e4038ca11511f6b01517d6402c2a483d1d9343c0c7c2f4c3f06cb44d2331ec33d05062837d4e429481de9b20ff5640c70c784d50b606a11afe8d5a4c79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe

Filesize
468KB

MD5
307b06ae301b1e15ec822bb7904183a1

SHA1
258f6d1ed59fac26a915ed063c6ba40f5d868d7c

SHA256
06ca2d874bcc89a876d5c1a01cf17c880299195ff9faa5755eea022e5d4923d0

SHA512
4098faba4943df0c9f6fdc70c80de105fe431bb052d232de575ce075cad45879acb4d3f0445b83f68da43665a35dcde1efbce0ba0330a3958e04fd9cb027f674

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe

Filesize
468KB

MD5
e6adbd89f86e5756dc63f3452e55f12c

SHA1
b72c3e88c6b0b0ca85638d97d6ab721e14aa15c2

SHA256
90ccfae27ada443d4e11fc3ef707f5c0b538740b464cf6b53c77aaf87d478187

SHA512
74a2f64fded7a69166572a1606e81897c78b66d549378f3da5bac777cfd1949250b755f5cae75f32c33d5b23739e5de8293607b87a2dc2ee10ac96592b55904e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe

Filesize
468KB

MD5
130189fbe02e4f123144685184b13894

SHA1
55bc25e6883d62f04f0a80c1d06956d72e3e46dc

SHA256
72e8c1b30912ed1979b3e37f6f7db7237c4cee6d04c54f0f433286f56b774301

SHA512
4670b57c926195fb3bfafecc0a0b3f95a26ce2cba71ac897c3500f98a2d6dc1071a00b9e107ecc63e08148b6f6eee37603512c749311b4c17a677337973b8dde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe

Filesize
468KB

MD5
6897d8688e5316c2d85bf1c6d0efdbcb

SHA1
490b3a7f8713f729b3484401eb2578b9e69a5d48

SHA256
375572d16ac54204a2ced35846d443edc8a04a1540f558fb059e43cdbadc449a

SHA512
bc471253637ac57ca459c72f68e5fcd340e59c02f6a9585323f91444b4885c65a6117f531f36ecf644066547f8e99b6f22a17c8298bb6fc839edbf8435cea93d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe

Filesize
468KB

MD5
d3253144ca72e95b93ae1b16bc882633

SHA1
b7bec0c27299d5f5495583a8251b6699e9fd2531

SHA256
68282e767a89315e93856c1fde2a4b023fde3feb5dd2f0c3b80c2567c0e894bc

SHA512
cc59b3ac8a96bd9436e0f3900b01ccdf4caf668ee47f20812f078fd649f1bf6a5ad565caa9d82ef6469d815155a34f879cbf5b866abee03189fe95875670c43f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe

Filesize
468KB

MD5
180f93199d7dbb5d285e2033a539c63b

SHA1
aa58474f7277001d9de55d7f808d886d1e3b5514

SHA256
8dd8a5786949dfaab8dea43f33f4314486feb2ad0eb38df05e9a1a0f4ac3b4b3

SHA512
a258753d286bd600ce2d4ac1aacbb59b55f953074ee83075302dcbcf89a1ee221a2f049036d33592f4ac67e5923902b209779d450652b8845f978ce06752c71c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe

Filesize
468KB

MD5
0e2301a593f992ac4c7798b85346b521

SHA1
2e4c3d73de9deb13f5d7bb042a78edcd8eb7fdbf

SHA256
2dd34ec366f85455cbfe7d6af4018542dd6994fc15a2f89fed6e1988c1e7e74c

SHA512
eeb5c67f7381a13c518681b73b7d49b270c908b8553d8625dbbad9cd5ce5e183de4f77494056036a3eccd03137334eb234e34525da3341b29505f8388429058b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe

Filesize
468KB

MD5
130ab8199277ea03c7169dd8fc38933c

SHA1
54eaf2e8a25887ce44e5a1ced98a779b63ab4dd9

SHA256
27475923ea4e922d3d67a01fe9c4ad6020d450a81ff2c04723f9719a73ad4e6a

SHA512
09030a2bd8006664f5864985e052142b9060428e5f507a8d9475690d76748a56807e0a46c31b4238e00863ac68a35dd7ffc1865234f4775d723a7f98f0a0e9f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe

Filesize
468KB

MD5
c990369ec61597729076faeddb8ae22e

SHA1
1f95a7d512a81ace6e6489412d2943778211bd42

SHA256
d8383f3282aeb9f16b63ed9781ea01c6b78f6caa14892b3f9174a8c29dba7805

SHA512
64d2fdf6fdd231918b7775a036e1a1744d31d2434216168e1eb19c38369b5a3698ac3e837cd413db2211d279c69ac2e03535e200cb25a04a6c41e01ec258e596

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe

Filesize
468KB

MD5
d27ec8cfbda0675a8ad0f4bf9d995d91

SHA1
7f901d6d531271d8725d60e114bccbb0da96d9f4

SHA256
58eaddffc753c922f1170dd67e39742ec6edd6ae255ec60d46f1a74623f1d6d7

SHA512
c425260df4c4c7ee527137425594c67d48a561a5ff9f789ff994fce4a9b26aac62e738334ee0a209b1bb1cd2bdd5d32ad609c3f36ffa7dfe1734ea5e79838600

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe

Filesize
468KB

MD5
5146e6ead82dd7a134c8361998cb40fa

SHA1
fce62b0187c4b6740371f30ac85b9e360ded0039

SHA256
6b985d36f40825d21b911ff2dd630a47044b66b8af0d923b4c826a76948b200e

SHA512
b55cec5c62e4414c091d1a63d2ffe06546d881e334ad3ebe318c27aa336a94cd102cb5df46f7600c73e9db4a7b7850a91abb167b12b578447bb22d8513cf992e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe

Filesize
468KB

MD5
c8dbba7a6042dbb20314963cb48fee23

SHA1
d893188fb6f9b86c63ec8ef71a91694b5cacb828

SHA256
f0d5bc1da623c96504f6d176c3715dab756a95c2463fa2652a77afcb646c934c

SHA512
1ae40c1d24e335ac44a0e7665461bc962c76564ebec3668af1f48e509e2b048fcbe1742ecc009bae3978731ff49eb24e869e3fa41808eff217328969f12f9162

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe

Filesize
468KB

MD5
4d7cc58436a77b7a3adf90d43fb7d236

SHA1
44d7eefc1d1a9ac2d2a90b8314afa8195a452efd

SHA256
13a3ed6984e466ab33c7a4664b2c2cb629b1e1ebad2503e2b67a06b6156ba28d

SHA512
4af7ae065fd61d30741b97cce4acbb2b490c054d3c58f45c18ca6676347c54b69cfb0843ef0ec4afbab283fad93f78f0e19f596a8c4225e99105841aabb25814

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe

Filesize
468KB

MD5
ade2a4e18df58075397bdde90fa89c17

SHA1
b1a22637a01fa002563033f8d420563dd5007921

SHA256
258be1c0732a74d12155ab6ac149eea4f86346f84c3936a262c2e42e87e03355

SHA512
17366114399df885eb34344e198b2d37a3a50a742d398f081a6873b9eaf4d7a035ba702128374548dd537cd2d5a2e6f7ce37d469bb5c924dbd73db56debc5161

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5949.exe

Filesize
468KB

MD5
54f2af45fc1d11ab3b684f260b7d3a45

SHA1
c6688526ec9020a7bcb088dedce0f71792da4f69

SHA256
d77a41e10bb5be31498bd01f43e7a4263777c912aec0aaa9df7321e00246117a

SHA512
b61e053417defb072219af6b30245d02129593edad00c3925038d01abc3f698965edafb2a19955a0f60cad4ff4a6e30e6b9b8993e4d1786772bd08b9536deca0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe

Filesize
468KB

MD5
f529d004e1dd0ffe4f4cc09fee89baf9

SHA1
2df80d8b8e9c90c63e33c58bb9e41cc59c5570be

SHA256
913162b2a888d665c16023ccb89be3bbb8772bbb69a222466911223fd1e018c0

SHA512
dc021bf775c7e7a3da133427c96cdddb945041dc304f328a299a79e3c5ac80afa33cbc7287f3914aad7797b293583d2b8c56f2915ebe78e36a33c2ec9b4fe450

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe

Filesize
468KB

MD5
7373c916c03ced8db433e25519ac393c

SHA1
3f936e16c65dc303c0726de8a751cb179c4a5e76

SHA256
92d7e37c1713ba42698b5ef226a38ac3cf5b92ca7323cc8082d85d99a0b1535f

SHA512
b7c615b1878a0cbe50e63cf8b3ddc2dbe116c538be17a0022e624fad9a4033131859735a1fa691f61e520012fe3c63c836a2d970930b97ad73a40e02bb47aac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe

Filesize
468KB

MD5
e3880ee66c1719ef336a70a5689a2548

SHA1
a22bac5e52792b13fce9bda547cc9fd65438cfa9

SHA256
b3adf4ff867f58b8d585cb3534c4b6ff9e962b4ab76398a396161a50b314d092

SHA512
bdfc12f002cf3433a9843a08d1b20f75a449f8f3ccae5f73e1607c4982c44f7bd68ac53d47327ecbd5a05bfd2221b710788fa1d7f20614f9f42f59dedd41b715

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe

Filesize
468KB

MD5
f8559d2edda6be558a3be23fc2e4d129

SHA1
52007be83000513e923530d09dabd1bc8282a7c6

SHA256
7debffd2a741c9867b7f934afdda70a79b9fab929e5c0241f6b8495d554fcfd9

SHA512
b9d30fe1965f9f10cb0e1afcf2e794778c9f46cc4f307f5bc7277d05d9f496e7829a93c442b71632f1875ccb8be02bd9c1071b3dada6524a7b03b0ff361effa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62612.exe

Filesize
468KB

MD5
6300f137c23b6e044d87a700e9c209e1

SHA1
3280e253ca472e2711e4538ca6453b86682f51ba

SHA256
75184170d187255e349f61ff750fece9509cd657e6e2bc79d6affb761a58014a

SHA512
4bc3ebae5ef5cbcba5bf0c22c682f9ac0453c6d517b06d3fccda22903b07aa2f696e5b77994eaac0b354c019503726b9be2f3a7d1cb16c82f6c2ea1bd53056db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe

Filesize
468KB

MD5
ea4d1e23ae34c526bc858225595fc785

SHA1
2960f04b5ca132325598e28d822e4c627c6bbeb5

SHA256
5ff3e7c18a9d959355a560830e9d1933498028f8c1a1f8ffa71757a6d254055b

SHA512
56c458bfa57d6006b2e0da8da47899f83281a4c7c47789998b691f8e68e3dbb08e71c306c2e28cd75279c3ceef2a32370eb566717a0e700d2242a0f2779f8194

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe

Filesize
468KB

MD5
108fdc2a906e22ddedffdbb8e7d0146a

SHA1
106da0a118031984eca7449a7b55e186146aa03e

SHA256
97e0e833d6b218ed727d2782f2f4f9d1b327600e1f33058963176f6467017684

SHA512
cb640479409efc79448b23b874980bdd840ad67bbfac666631cc2cea748dc6e79235dcf97156821956f633bdd9b0d26af38f3fe8133649506d9f7a944dc8de49

Download Submit
memory/32-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/184-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/220-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/396-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/412-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/464-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/668-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/768-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/772-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/916-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1172-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1176-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1332-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1404-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1408-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1472-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1496-107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1524-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1628-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1636-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1668-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1692-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1704-454-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1740-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1776-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1812-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1836-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1868-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1892-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1928-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1976-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2040-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2116-46-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2236-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2276-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2416-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2420-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-499-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2688-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2736-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2792-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2848-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3076-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3160-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3164-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3200-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3292-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3316-489-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3364-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3396-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3404-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3452-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3512-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3516-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3712-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3844-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3864-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3864-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3864-94-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3936-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3952-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4032-209-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4100-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4216-497-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4340-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4356-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4364-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4380-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4380-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4476-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4484-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4656-71-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4684-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4692-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4744-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4776-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4900-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4908-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4972-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5024-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5040-113-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5084-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5112-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-498-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5288-542-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5300-543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5324-548-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5340-549-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5432-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5456-560-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5504-561-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15820-2846-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15912-2848-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads