539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059c

Analysis

max time kernel
119s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe
Size

468KB
MD5

0db3dbb30f8cbe402d18d22ab38fee60
SHA1

8685344be031ec0d3a8a1fb7e241507a122fd045
SHA256

539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059c
SHA512

3a2cdafeed0c8106dbfbb577f4c1634ddc757f1975d131bad9f1cc6f00df13cb7cf7240e44afe0cd53eb0464c27cf3ab835a9a91fb6607abb3fc25a1cad18646
SSDEEP

3072:9U/iogOHj28U3bYGPz3yqf8/EUhqhIpaymH2LxHfNjz+Gh8NbTlG:9UqobXU3xPDyqff0hpNjC68Nb

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3184	Unicorn-40853.exe
1936	Unicorn-10993.exe
3524	Unicorn-50635.exe
5116	Unicorn-6580.exe
1548	Unicorn-52444.exe
4980	Unicorn-33698.exe
2780	Unicorn-39829.exe
392	Unicorn-11412.exe
2256	Unicorn-24603.exe
1376	Unicorn-44661.exe
2164	Unicorn-56128.exe
1740	Unicorn-62450.exe
1508	Unicorn-56420.exe
5080	Unicorn-10104.exe
4048	Unicorn-29705.exe
536	Unicorn-20949.exe
3432	Unicorn-2043.exe
3748	Unicorn-19605.exe
4200	Unicorn-63844.exe
4084	Unicorn-64612.exe
4652	Unicorn-64612.exe
4960	Unicorn-33563.exe
864	Unicorn-47299.exe
5036	Unicorn-44499.exe
3756	Unicorn-53429.exe
4476	Unicorn-8753.exe
4888	Unicorn-8753.exe
2952	Unicorn-54617.exe
3852	Unicorn-8680.exe
2532	Unicorn-48587.exe
1748	Unicorn-2623.exe
4604	Unicorn-47716.exe
3068	Unicorn-46844.exe
4852	Unicorn-38837.exe
840	Unicorn-6548.exe
4972	Unicorn-30616.exe
3304	Unicorn-404.exe
2120	Unicorn-38514.exe
1524	Unicorn-44540.exe
3084	Unicorn-32117.exe
3740	Unicorn-34559.exe
4976	Unicorn-35428.exe
4676	Unicorn-38889.exe
1260	Unicorn-21941.exe
4800	Unicorn-22709.exe
4492	Unicorn-23704.exe
1736	Unicorn-43762.exe
5048	Unicorn-11281.exe
2096	Unicorn-43570.exe
2272	Unicorn-18634.exe
696	Unicorn-18634.exe
4064	Unicorn-27509.exe
3300	Unicorn-27509.exe
4116	Unicorn-51171.exe
2912	Unicorn-25013.exe
4544	Unicorn-58261.exe
3092	Unicorn-52131.exe
4332	Unicorn-36964.exe
1212	Unicorn-17098.exe
724	Unicorn-28033.exe
2500	Unicorn-6107.exe
5052	Unicorn-24347.exe
2968	Unicorn-49548.exe
4464	Unicorn-5137.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
13096	12004	WerFault.exe	557
13084	11996	WerFault.exe	556
15504	14580	WerFault.exe	699
16180	16056	WerFault.exe	768
15588	5420	WerFault.exe	223
15584	4676	WerFault.exe	131
16196	7512	WerFault.exe	351
5092	3080	WerFault.exe	834
15012	15844	WerFault.exe	755
316	11832	WerFault.exe	736

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20207.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6888	Process not Found
Token: SeChangeNotifyPrivilege	6888	Process not Found
Token: 33	6888	Process not Found
Token: SeIncBasePriorityPrivilege	6888	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe
3184	Unicorn-40853.exe
1936	Unicorn-10993.exe
3524	Unicorn-50635.exe
5116	Unicorn-6580.exe
4980	Unicorn-33698.exe
2780	Unicorn-39829.exe
1548	Unicorn-52444.exe
392	Unicorn-11412.exe
2256	Unicorn-24603.exe
1376	Unicorn-44661.exe
2164	Unicorn-56128.exe
5080	Unicorn-10104.exe
1508	Unicorn-56420.exe
1740	Unicorn-62450.exe
4048	Unicorn-29705.exe
536	Unicorn-20949.exe
3432	Unicorn-2043.exe
3748	Unicorn-19605.exe
4652	Unicorn-64612.exe
4084	Unicorn-64612.exe
2532	Unicorn-48587.exe
4476	Unicorn-8753.exe
1748	Unicorn-2623.exe
4200	Unicorn-63844.exe
3756	Unicorn-53429.exe
2952	Unicorn-54617.exe
5036	Unicorn-44499.exe
864	Unicorn-47299.exe
3852	Unicorn-8680.exe
4960	Unicorn-33563.exe
4888	Unicorn-8753.exe
4604	Unicorn-47716.exe
3068	Unicorn-46844.exe
4852	Unicorn-38837.exe
840	Unicorn-6548.exe
4972	Unicorn-30616.exe
3304	Unicorn-404.exe
2120	Unicorn-38514.exe
1524	Unicorn-44540.exe
3084	Unicorn-32117.exe
4976	Unicorn-35428.exe
3740	Unicorn-34559.exe
1260	Unicorn-21941.exe
4676	Unicorn-38889.exe
4800	Unicorn-22709.exe
4064	Unicorn-27509.exe
2272	Unicorn-18634.exe
4116	Unicorn-51171.exe
1736	Unicorn-43762.exe
4492	Unicorn-23704.exe
5048	Unicorn-11281.exe
696	Unicorn-18634.exe
3300	Unicorn-27509.exe
2096	Unicorn-43570.exe
2912	Unicorn-25013.exe
724	Unicorn-28033.exe
2968	Unicorn-49548.exe
5052	Unicorn-24347.exe
1212	Unicorn-17098.exe
4332	Unicorn-36964.exe
2500	Unicorn-6107.exe
4544	Unicorn-58261.exe
3092	Unicorn-52131.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 3184	4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe	82
PID 4264 wrote to memory of 3184	4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe	82
PID 4264 wrote to memory of 3184	4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe	82
PID 3184 wrote to memory of 1936	3184	Unicorn-40853.exe	85
PID 3184 wrote to memory of 1936	3184	Unicorn-40853.exe	85
PID 3184 wrote to memory of 1936	3184	Unicorn-40853.exe	85
PID 4264 wrote to memory of 3524	4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe	86
PID 4264 wrote to memory of 3524	4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe	86
PID 4264 wrote to memory of 3524	4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe	86
PID 1936 wrote to memory of 5116	1936	Unicorn-10993.exe	89
PID 1936 wrote to memory of 5116	1936	Unicorn-10993.exe	89
PID 1936 wrote to memory of 5116	1936	Unicorn-10993.exe	89
PID 3184 wrote to memory of 1548	3184	Unicorn-40853.exe	90
PID 3184 wrote to memory of 1548	3184	Unicorn-40853.exe	90
PID 3184 wrote to memory of 1548	3184	Unicorn-40853.exe	90
PID 3524 wrote to memory of 2780	3524	Unicorn-50635.exe	91
PID 3524 wrote to memory of 2780	3524	Unicorn-50635.exe	91
PID 3524 wrote to memory of 2780	3524	Unicorn-50635.exe	91
PID 4264 wrote to memory of 4980	4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe	92
PID 4264 wrote to memory of 4980	4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe	92
PID 4264 wrote to memory of 4980	4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe	92
PID 5116 wrote to memory of 392	5116	Unicorn-6580.exe	94
PID 5116 wrote to memory of 392	5116	Unicorn-6580.exe	94
PID 5116 wrote to memory of 392	5116	Unicorn-6580.exe	94
PID 1936 wrote to memory of 2256	1936	Unicorn-10993.exe	95
PID 1936 wrote to memory of 2256	1936	Unicorn-10993.exe	95
PID 1936 wrote to memory of 2256	1936	Unicorn-10993.exe	95
PID 1548 wrote to memory of 1376	1548	Unicorn-52444.exe	96
PID 1548 wrote to memory of 1376	1548	Unicorn-52444.exe	96
PID 1548 wrote to memory of 1376	1548	Unicorn-52444.exe	96
PID 3184 wrote to memory of 2164	3184	Unicorn-40853.exe	97
PID 3184 wrote to memory of 2164	3184	Unicorn-40853.exe	97
PID 3184 wrote to memory of 2164	3184	Unicorn-40853.exe	97
PID 4980 wrote to memory of 1740	4980	Unicorn-33698.exe	98
PID 4980 wrote to memory of 1740	4980	Unicorn-33698.exe	98
PID 4980 wrote to memory of 1740	4980	Unicorn-33698.exe	98
PID 2780 wrote to memory of 1508	2780	Unicorn-39829.exe	99
PID 2780 wrote to memory of 1508	2780	Unicorn-39829.exe	99
PID 2780 wrote to memory of 1508	2780	Unicorn-39829.exe	99
PID 4264 wrote to memory of 4048	4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe	101
PID 3524 wrote to memory of 5080	3524	Unicorn-50635.exe	100
PID 4264 wrote to memory of 4048	4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe	101
PID 4264 wrote to memory of 4048	4264	539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe	101
PID 3524 wrote to memory of 5080	3524	Unicorn-50635.exe	100
PID 3524 wrote to memory of 5080	3524	Unicorn-50635.exe	100
PID 392 wrote to memory of 536	392	Unicorn-11412.exe	104
PID 392 wrote to memory of 536	392	Unicorn-11412.exe	104
PID 392 wrote to memory of 536	392	Unicorn-11412.exe	104
PID 5116 wrote to memory of 3432	5116	Unicorn-6580.exe	105
PID 5116 wrote to memory of 3432	5116	Unicorn-6580.exe	105
PID 5116 wrote to memory of 3432	5116	Unicorn-6580.exe	105
PID 1376 wrote to memory of 3748	1376	Unicorn-44661.exe	106
PID 1376 wrote to memory of 3748	1376	Unicorn-44661.exe	106
PID 1376 wrote to memory of 3748	1376	Unicorn-44661.exe	106
PID 5080 wrote to memory of 4200	5080	Unicorn-10104.exe	107
PID 5080 wrote to memory of 4200	5080	Unicorn-10104.exe	107
PID 5080 wrote to memory of 4200	5080	Unicorn-10104.exe	107
PID 4048 wrote to memory of 4084	4048	Unicorn-29705.exe	108
PID 4048 wrote to memory of 4084	4048	Unicorn-29705.exe	108
PID 4048 wrote to memory of 4084	4048	Unicorn-29705.exe	108
PID 2256 wrote to memory of 4652	2256	Unicorn-24603.exe	109
PID 2256 wrote to memory of 4652	2256	Unicorn-24603.exe	109
PID 2256 wrote to memory of 4652	2256	Unicorn-24603.exe	109
PID 1548 wrote to memory of 4960	1548	Unicorn-52444.exe	110

C:\Users\Admin\AppData\Local\Temp\539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe
"C:\Users\Admin\AppData\Local\Temp\539360b2a23766c08c1b9add731b048c1e89a7874115bfd8ac8b16889aa3059cN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11412.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20949.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        8⤵
        Executes dropped EXE
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe
        10⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        11⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21172.exe
        11⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        11⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        11⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        10⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        10⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        9⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        10⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        10⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        10⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        9⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        9⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        9⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        9⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        10⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
        10⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54847.exe
        10⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        9⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
        9⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        9⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        9⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
        8⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        8⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        8⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
        9⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        9⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
        9⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        9⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
        8⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52949.exe
        8⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        8⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        8⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        8⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37982.exe
        7⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
        7⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        7⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        7⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46492.exe
        9⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26804.exe
        9⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
        9⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        9⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        8⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        8⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        8⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        8⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        8⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        8⤵
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        7⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34782.exe
        7⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        6⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5841.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe
        8⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        9⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        9⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        8⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        8⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        7⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1837.exe
        7⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46492.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 640
        8⤵
        Program crash
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31521.exe
        7⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        7⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        7⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        7⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        6⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        6⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        6⤵
        
        PID:15836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        6⤵
        
        PID:15768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14836.exe
        9⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
        10⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        10⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25889.exe
        10⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        10⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
        9⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        9⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        9⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
        8⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        8⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
        8⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        8⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        9⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        9⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        8⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        8⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25972.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        7⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        7⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5841.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        9⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        9⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        9⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        9⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        8⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        8⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        8⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        8⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        8⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        7⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31521.exe
        7⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        7⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        7⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        7⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41516.exe
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
        6⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        6⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        8⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        7⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        7⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        7⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        6⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        6⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57810.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        7⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        7⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
        6⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        6⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        7⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        7⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        6⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25559.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        6⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24603.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-404.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64871.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        9⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        9⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        9⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
        8⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10847.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        8⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        8⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
        8⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        8⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14445.exe
        8⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37955.exe
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        7⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        7⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        7⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
        6⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        8⤵
        
        PID:15968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        8⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        7⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        6⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
        6⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
        6⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        6⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
        8⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        8⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        7⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        7⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        7⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        7⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55678.exe
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
        6⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17375.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        7⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe
        7⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
        6⤵
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
        6⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34060.exe
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18314.exe
        6⤵
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        6⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23279.exe
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        5⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
        5⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe
        5⤵
        
        PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        6⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50066.exe
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        8⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        8⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11832 -s 492
        9⤵
        Program crash
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        7⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25371.exe
        7⤵
        
        PID:16032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        7⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        7⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7732.exe
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        7⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        6⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        6⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
        6⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        6⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        6⤵
        
        PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18648.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        7⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        7⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4212.exe
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        6⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        6⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
        5⤵
        
        PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46492.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
        8⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        8⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        7⤵
        
        PID:15864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 668
        7⤵
        Program crash
        
        PID:15588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        6⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        6⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
        6⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        6⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
        5⤵
        
        PID:12588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 756
        5⤵
        Program crash
        
        PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62866.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
        6⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
        6⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        5⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
        5⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
        5⤵
        
        PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
      4⤵
      PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        5⤵
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14785.exe
      4⤵
      PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
      4⤵
      PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
      4⤵
      PID:3280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
        7⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5841.exe
        8⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
        9⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
        10⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
        10⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        10⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        9⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        9⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        9⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        8⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        8⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        8⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        8⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        8⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        7⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16712.exe
        7⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
        7⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        7⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8440.exe
        6⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        9⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        9⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18990.exe
        9⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        8⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        8⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28027.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        7⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        7⤵
        
        PID:16376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
        8⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
        7⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
        7⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33694.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        7⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43721.exe
        6⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        6⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11996 -s 212
        7⤵
        Program crash
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        6⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
        6⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        9⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        9⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        9⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4212.exe
        8⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        8⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        8⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        8⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        8⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
        7⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1894.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        7⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        6⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        6⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30930.exe
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        7⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
        6⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        6⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10475.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23573.exe
        6⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
        6⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        5⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
        5⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19190.exe
        5⤵
        
        PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        6⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46389.exe
        8⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        8⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        8⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        7⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        7⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4529.exe
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        7⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        6⤵
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
        6⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37391.exe
        6⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
        7⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        7⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        7⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe
        6⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        6⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36000.exe
        5⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18314.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        6⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1476.exe
        5⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        5⤵
        
        PID:15520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        6⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        6⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        5⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        5⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        5⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        5⤵
        
        PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        6⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
        5⤵
        
        PID:14580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14580 -s 472
        6⤵
        Program crash
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        5⤵
        
        PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
      4⤵
      PID:15844
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15844 -s 456
        5⤵
        Program crash
        
        PID:15012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
      4⤵
      PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29287.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        8⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        8⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
        7⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        7⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        7⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12568.exe
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        6⤵
        
        PID:14420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        6⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        6⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        6⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        6⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        6⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        6⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        5⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37662.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        7⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
        7⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25816.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        6⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
        6⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
        5⤵
        
        PID:15976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        5⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        5⤵
        
        PID:15412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
      4⤵
      PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
      4⤵
      PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
      4⤵
      PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
      4⤵
      PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
      4⤵
      PID:5084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59004.exe
        7⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10709.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        6⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        5⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
        5⤵
        
        PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7686.exe
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
      4⤵
      PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
      4⤵
      PID:12316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
      4⤵
      PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26479.exe
      4⤵
      PID:6232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
      4⤵
      PID:312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        5⤵
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        5⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
        5⤵
        
        PID:16356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37955.exe
      4⤵
      PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
      4⤵
      PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7676.exe
      4⤵
      PID:15556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
      4⤵
      PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
    3⤵
    PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
      4⤵
      PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
      4⤵
      PID:10932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4932.exe
    3⤵
    PID:9164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
    3⤵
    PID:12320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55906.exe
    3⤵
    PID:16012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
    3⤵
    PID:16344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
    3⤵
    PID:7020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        8⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        7⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        7⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1726.exe
        7⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        7⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        7⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38816.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        7⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        7⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        7⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28027.exe
        6⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        7⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25994.exe
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        7⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53365.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        6⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
        7⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        6⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        6⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        5⤵
        
        PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
        6⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        8⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
        8⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        8⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49118.exe
        8⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        8⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        7⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        7⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18314.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        7⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49949.exe
        6⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        5⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        7⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        7⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
        6⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
        6⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        6⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64416.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        6⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        6⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
        6⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
        5⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        5⤵
        
        PID:15612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        5⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        6⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        8⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        7⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        7⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        6⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40839.exe
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        6⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        5⤵
        
        PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
      4⤵
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
        6⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22328.exe
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
        5⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16946.exe
      4⤵
      PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
      4⤵
      PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2006.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
      4⤵
      PID:16216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
      4⤵
      PID:14852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43762.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
        7⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
        8⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        8⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
        7⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        7⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
        7⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31693.exe
        6⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17631.exe
        6⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe
        6⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22594.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        6⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
        5⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        5⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
        5⤵
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
        7⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
        7⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        6⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3221.exe
        6⤵
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28027.exe
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        6⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        5⤵
        
        PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        5⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        5⤵
        
        PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        5⤵
        
        PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe
      4⤵
      PID:8628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
      4⤵
      PID:12136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
      4⤵
      PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
      4⤵
      PID:4472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44821.exe
        6⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
        7⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        7⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        7⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
        6⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        6⤵
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
        5⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        5⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        5⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        5⤵
        
        PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        5⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12532.exe
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
        5⤵
        
        PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        5⤵
        
        PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
      4⤵
      PID:11556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
      4⤵
      PID:15580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        6⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18990.exe
        6⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1018.exe
        5⤵
        
        PID:14020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10709.exe
        5⤵
        
        PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62233.exe
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        5⤵
        
        PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
      4⤵
      PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1018.exe
      4⤵
      PID:12964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
    3⤵
    PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
      4⤵
      PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
      4⤵
      PID:16152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28141.exe
    3⤵
    PID:8476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
    3⤵
    PID:12520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
    3⤵
    PID:7100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        6⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        7⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        8⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
        7⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        7⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56805.exe
        6⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 72
        7⤵
        Program crash
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        7⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe
        7⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        7⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        6⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        6⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
        6⤵
        
        PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        5⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        5⤵
        
        PID:12004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12004 -s 212
        6⤵
        Program crash
        
        PID:13096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        5⤵
        
        PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
        5⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1745.exe
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        7⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5190.exe
        7⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18680.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe
        6⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        6⤵
        
        PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44498.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        6⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27007.exe
      4⤵
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        5⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
        5⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        5⤵
        
        PID:15704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe
      4⤵
      PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
      4⤵
      PID:12184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
      4⤵
      PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
      4⤵
      PID:5960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43570.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        6⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        7⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe
        7⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        7⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        6⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        6⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28027.exe
        5⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5201.exe
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12049.exe
        6⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        5⤵
        
        PID:14384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56274.exe
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        5⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        5⤵
        
        PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
      4⤵
      PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
      4⤵
      PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
      4⤵
      PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
      4⤵
      PID:14824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
      4⤵
      PID:3924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51171.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
      4⤵
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        5⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41642.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        6⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
        6⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
        5⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        5⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        5⤵
        
        PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        5⤵
        
        PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
      4⤵
      PID:11312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
      4⤵
      PID:15420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
      4⤵
      PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
      4⤵
      PID:15816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
      4⤵
      PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        5⤵
        
        PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4212.exe
      4⤵
      PID:10568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
      4⤵
      PID:15136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
      4⤵
      PID:4432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3395.exe
      4⤵
      PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5709.exe
      4⤵
      PID:16120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
      4⤵
      PID:16308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
    3⤵
    PID:11608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe
    3⤵
    PID:1672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
        5⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        7⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        7⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55504.exe
        7⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34121.exe
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
        6⤵
        
        PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59004.exe
        6⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
        7⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        7⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31422.exe
        6⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        6⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        5⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        5⤵
        
        PID:15472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe
        5⤵
        
        PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
      4⤵
      PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        5⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
        5⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33694.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        5⤵
        
        PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
      4⤵
      PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52848.exe
      4⤵
      PID:12244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
      4⤵
      PID:5968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25141.exe
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        6⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22328.exe
        5⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        5⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe
        5⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        5⤵
        
        PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
        5⤵
        
        PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
      4⤵
      PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
      4⤵
      PID:14616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
      4⤵
      PID:15784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
    3⤵
    PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46492.exe
      4⤵
      PID:7552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
      4⤵
      PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
      4⤵
      PID:15316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
    3⤵
    PID:7436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
    3⤵
    PID:12272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
    3⤵
    PID:16056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 16056 -s 84
      4⤵
      Program crash
      PID:16180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
    3⤵
    PID:14312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        6⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        6⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        5⤵
        
        PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        5⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        5⤵
        
        PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
      4⤵
      PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17055.exe
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10141.exe
      4⤵
      PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61648.exe
      4⤵
      PID:736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
    3⤵
    PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
      4⤵
      PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2459.exe
      4⤵
      PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58869.exe
      4⤵
      PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25889.exe
      4⤵
      PID:14824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
    3⤵
    PID:8240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
    3⤵
    PID:11712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
    3⤵
    PID:3148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
    3⤵
    PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
    3⤵
    PID:1028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62229.exe
    3⤵
    PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
      4⤵
      PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
      4⤵
      PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38740.exe
      4⤵
      PID:15428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
      4⤵
      PID:14228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24376.exe
    3⤵
    PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
      4⤵
      PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
      4⤵
      PID:368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
      4⤵
      PID:5872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
    3⤵
    PID:10136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55678.exe
    3⤵
    PID:14212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
    3⤵
    PID:14672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19513.exe
    3⤵
    PID:15580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
  2⤵
  PID:5792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
    3⤵
    PID:7932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
    3⤵
    PID:10484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
    3⤵
    PID:14984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
    3⤵
    PID:5188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
  2⤵
  PID:7820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
    3⤵
    PID:15552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
    3⤵
    PID:3816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
  2⤵
  PID:12112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38285.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38285.exe
  2⤵
  PID:15812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
  2⤵
  PID:15752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
  2⤵
  PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 12004 -ip 12004
1⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 11996 -ip 11996
1⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1672 -ip 1672
1⤵
PID:16316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 7512 -ip 7512
1⤵
PID:16288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 15844 -ip 15844
1⤵
PID:16172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe

Filesize
468KB

MD5
df3034e282f7f5feefb78710fa302962

SHA1
edd057d82e9be004cf2feaea01daaa0ac16c3cdb

SHA256
6fd7429b0476bce67c07dde5f7c9a950abd976d8a57b1f092aeb87c622ebed6b

SHA512
d4ed054f6bd3e11205b9954573a65c3bde45ed570930de74ed173638463a97515b65bc3f89c7f8af244d7ba3b592726eab92ffeaf56545ba3a8ac43172c18b34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe

Filesize
468KB

MD5
ec39cf243051abc730383c8d31846851

SHA1
6d09f3124ad0ec07b62623160fd91a99fa4f796b

SHA256
645365f73fb4eb6fac9bef309666b68df8cefe8318ac2660dc170991d7faf7f4

SHA512
face8bf23b0227e233b6924e5c170b15ab2e00054efd1015d2990ceb6f7f1ef069b418fd22bf7d1be11eddac3df2085a5261cbe617a61433ef590ce0f4b15b8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11412.exe

Filesize
468KB

MD5
15fbd54d1016b188f24bb76b5084f193

SHA1
16a93289c4d67eadcc5ed68b5ad11caadc06985c

SHA256
f54da30c8c6ac1d2df4b965c4f5b9617fee3f471e13fa3992a17f3b46951955c

SHA512
fcf0af06f6bf4b5c1331d81d3aa5ce6378a8b4acfe74c6573e05c8fd42b1f332e5c2388d1a3f5c06942fbcaa7cfc2770b7abef5fd097ec6ee5b9c2f475f3e378

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe

Filesize
468KB

MD5
b88a36e9dceceba1b34da1ad83530dd4

SHA1
a7b8d0c1dfc685b4996cf2c17c0fda2abfb008db

SHA256
91f0cdc53abd16c74ac1a7d1c1b3f5c1c2d72c502ad1e811fed5aac2bd7e9532

SHA512
010b8d414f23b71f0a818ff3c9176e8dbd9532de33e19da2318b1ce40982d03f8a1c0934152e650723fc60cbe743d640d82d90d6fb80096aa11df1a625583272

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe

Filesize
468KB

MD5
990109f77ef061909537b3a9d3911996

SHA1
fbb751532a70ea37f31aed7e6cb2db00041d6f63

SHA256
c2332b3a924fc7ca4770331480d6b2367973a5bc640460e760b379e385efd3ac

SHA512
b4a1da2587823e066a245b026fc5afb731a755fa55515103fbd236353b9a25c01e3859df8d6fa6ccb13818e5f365e1528b82cdf1d0afbd2e036b0b0943774af2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20949.exe

Filesize
468KB

MD5
69469379cd65f368aa3356657131a384

SHA1
409adae9903cd4a7e27627e4c7cf33504da2e480

SHA256
abe96173c72bbea814990b342488a4832e1362dcc1194ed4e471748f0d6283ca

SHA512
7b45ec5f3a5112c55fb0a486d88522ebe110fea5ffb610396a5ed100bdedf7b088fc3b2764fb598ae1eeb21134276897fde1c46ecc7ecce7bb0bcbee47cc18ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24603.exe

Filesize
468KB

MD5
8fe5c09086f88bde630e4587912322b0

SHA1
1c37231bf03ff8af9db9605ca725bba46729ce4b

SHA256
0154e7d5e50e7c544659ea1a802008da0f575e639981102923cea6286eaba87c

SHA512
320ef490b117e5a3552a3062bd7329481ba5ccc98d1c366a55d80764865f51e02a959720dc420a52896eb412e690db97f9858c56ffc73bef78ae9b6f1a373d7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe

Filesize
468KB

MD5
3b85c10c14a021eb223958191c01da68

SHA1
54e3d644746c84ccf75dbd6ed334fb702338ab46

SHA256
dec7ea58d8d8c0c239790866be700fff05f084e3923c88b30f53d88727e18ff2

SHA512
3881e1e0ac4d290d023b955a7cb71b0e5301200d511f85f30f5d14ea97ab9b2e571db0ef233d54632bce1e7e4460903ce0434a35479bef240752beeac0de9ade

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe

Filesize
468KB

MD5
4b7f9c910217c656b7a401013fc956f8

SHA1
bd968a1fd5ec4c4701e9e423e64dfad534954f0f

SHA256
100b61b180d5d56c5ee7a2e086691a9585b5a8090296620e3a5c7faa91b06474

SHA512
a580d9a0ed2a05ebbc23982e95c5e4eacfbd291a84ef32328aa904f9d02a1e386eb4736831aef200aa7288ada1ad7b9131626db5e19198c6a7b62f13be7e41ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe

Filesize
468KB

MD5
f57dde95889b6116368217567ab974c5

SHA1
be08ae3d3c619f23047bc6fb47a4b883ec1fc790

SHA256
690e77decf003ceb055fc64a4a6069f0751f25e8853e143431ff005236dc67b3

SHA512
0be1e252ca1437b5f0dc087406b334e6d54b5f53d31b8774a789c9ceb61fa8f6b4e73d6e287c2f7865cc729039f758a1d5b2a9546b82d9e5b9fc3c8ce92952a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe

Filesize
468KB

MD5
57681c1f360aaa600a3e3a5e511a0093

SHA1
9bd49fa219cefc81b26e1a2ddf674911fe30fe39

SHA256
c287ef7152f4fa0e6a9bf00788b2166d404ccd3a1d11e732b53634ef73337d82

SHA512
0e062818a8193b4309c1f50f3ec65b7972d3a42e0ca2f511fa2185986a5022fc96f7a65c0a52c4d78bec2620b15505c7e971b89492735c31331e1334c31edc60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe

Filesize
468KB

MD5
e6bda20cf45025ca53776cb625a97802

SHA1
bbddd24215abb8757776e9eeebcac8f3feec2494

SHA256
70cd25eddf11f1586a50438a9de181d552bafb033367ec80714d5217d54d6cdb

SHA512
b1102bc35eb383713cd2ff1f8dc3736eb147c8a072f2ce1364c6558fcf4e0b3293631887050976583fe6b86735b9c9fa9586ff22b0a55c1ec8fa94e1a32da236

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe

Filesize
468KB

MD5
d04c1c6d4aa348ce67c321bcbeedd32d

SHA1
81d13b042459f91a9396d7a3e0753708fe11df62

SHA256
a5172319d62d3db831eb02bbe052d2076ef5b641d80a73afb474335f66f24c84

SHA512
65dfbfe83797f8239929cb9be76b32982ff8688b27e13cfbccaf9b56c8b51affde4f2ca60e3ae2abdb80d5c397edda76b4cf5845bbfd2ee125c34535210deb07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe

Filesize
468KB

MD5
9d989e61736bb0b1fc821a295c7c2d77

SHA1
31d3808ee69675f230627582fb9e09125d3145ff

SHA256
f88dbbf1054e3d08d9b6e343fce49941d0383d52da38868f1397087e66185601

SHA512
5fb6d81563472a418cf130c11428f0c3a2c15a85fa06d02675b897cab8847c6d985b9f7bf59edeefdf6be70e173a153a754343c2699c9f5c1d47bf432b0360d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe

Filesize
468KB

MD5
b534a16bddf0c2c8befe638cd5a98b00

SHA1
1bdfccba86abd4f9958e2e42ea74525227bdee33

SHA256
faf87e7385e2bf56be0404637e482d5f42e625e2bfdadf53715676ed2209b03c

SHA512
daecb1291356bc7db1236f5c0276c5a8ff53dbd5daad41a2989ff8f8545918df1b0acb402f5dbb733481ae74b8fab2c9d956e3d1f9e2d5368f4ade621547a717

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe

Filesize
468KB

MD5
71392f0ed42f73fc0c603f043af54c90

SHA1
b49e158c855663b0113baf536004ceba416ab336

SHA256
2694f6ac4a2eb24f917c02181a5b0dbd566d092b75b1a0d2daa92300f926652c

SHA512
6915051160dd9687a3224e6a01567cf1b50f77608537bd59aceab58dc87f8468dee754f8ef59aa7b200cfb2868b5afc6e4de340f1ff361a4ea5a18974bc64b0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe

Filesize
468KB

MD5
521566773e887a0fd511cd3b66200857

SHA1
b383179edf18556c94a4563bc1eff956c14eb4ac

SHA256
7504a034acfdf660faa49ee586ab8e2bddfe04a2547b130421606843411e8099

SHA512
786de85dd9edfce47d77d64eacf1f1758dd8c6b542fc68dd0d11c3f713965dcd83d299d466dfcc6a32b522513956c9a8609fa3b27b39ff4426b1a0677ade73d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe

Filesize
468KB

MD5
b5b261a606ce9a44367d829f5079211f

SHA1
0f92402e271ee057853420347ff2c2386d49eec8

SHA256
01555c32cc4abb3f5c119d63ac89ff3c73913a6c081a62151197dc5639988060

SHA512
c7153eef23144a83ba8db361396ddcc7d8cf996cab39418b000b0a94ee71f97835120958958150da6973a757562ea93b858492c8d9f64d973012b6c66cf20c82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe

Filesize
468KB

MD5
96cd7e9753e5da9edbf55f231d578df9

SHA1
68203632abed46f9e6583951cc35c98de9bbbaff

SHA256
9f9e3fd1423941669ec8be933c2767d09dc51fa585f4d84ed17b61f06175f994

SHA512
8bf8ee0d1ea638b37e9d055b392c4a2342b2191d75c082df0f58f702ce2d1339cb7e00aa0f83b69e833bfc08e2b291a1a80c7cdee3d2886240afd7bb0c60a16b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe

Filesize
468KB

MD5
05b15dbe0a88f8596c00f617430c5c7d

SHA1
4eacd45bd6b1c4ed18618911408711a9ef2a54fe

SHA256
ded797af05d10f1c52d7fcd32ecf2827b5fb7e50221dc7a48ab277d6b7a9fb1c

SHA512
53915d2f079358cc846138c60ca38d5c31189cf05241205716042e53f8570f35e348e68d523544eced27a6aa3025d207db1472f88eee7ad8005b428c16292f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe

Filesize
468KB

MD5
a4ad482238daef6cf59b25ee8a54848a

SHA1
a958902ff719cb237746d2c59226cc20998df8a5

SHA256
1bf33f99ec9ab91ddae72e00973b5cafd840ecaaad7295717fd96dccf7fa1b2d

SHA512
44cd50cacc77eb469630e5f455129bd527b49cc45ae0d78d80d5e3e23e3003e39f048896b09432e542bbef99449f39e1b1297c05a0f8fb2b7ee8488eaa5bf756

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe

Filesize
468KB

MD5
51f6e1196936ef28ab8ab650ac8d39ef

SHA1
d73a95459065ef6875a92b6a784d9a6abaeb3575

SHA256
21c6f09a3ab3e7dc2012bfab3dc0f609c4cde0719e5b21e76d3711eb076b4d3b

SHA512
042ec399e23f3d78bee14f57b6bf3ad630687ce47e67c76c5c1b2c4b28e30377a58741cbfd11df86f12e5cc1c275f06a2cbcfdf80ba9f072db35ca139fceffac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe

Filesize
468KB

MD5
7c31331b4c672abe3ab9c4293bbf1851

SHA1
ff707c1736013ed40b9e2d75792b37e43973e6de

SHA256
f01ce4fd80b6444e8d90e8dde787a7ab436b6c7ccb7f49ba0372571e751a038d

SHA512
d7676bd6f6aeacd0ea49e3ffa1e425e733b92db8676e1a2b419e7fc1f1ef116e869e2fc990cf4291dc8f36f848aa5e172ced14567195c761b87866a73e6c4da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe

Filesize
468KB

MD5
01cebd79a09f4f3ea371ccbbfd3167ab

SHA1
849a307cfc469e85a84f4de4d0b9901badb9f861

SHA256
45d85d5044c9d563f7b9d38d3e37e1ba602ed96f8da6c27daeddcaea3ba911fe

SHA512
e2931c9617c8a91e1e37a194422ad2afaf1f80df062c3868f312bf13537b9b385fd5acd2b57c724b46a3c1865bd4ea8af5367cd7c304ee56bcfb95d853f98142

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe

Filesize
468KB

MD5
2f01a2bd629ffb48e2c6d46b8b3469d6

SHA1
78c30c0305521d1985ec7e00e8b69ec2ec93bc2c

SHA256
cb13254b67d66991c2000dbfcf76a8d8a23192bf8b1be6de05d33b1fbbbccbdf

SHA512
d9f3551e8a49c1d1828a30d4c251c13a6a732d4928323d053b4142b45926f3c8af21410726a9654a190e7414b10d0fdde4cb3ee62bb55df2cad6d16f72eab33c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe

Filesize
468KB

MD5
089614e3567fae3cfcba383e85bfa0e6

SHA1
b44437b36e6eb0ee60bddaf30063bd32570a1478

SHA256
92b4b56d6eb64bedb74c149bac7bcbad2dae4a3a37792042354066b16d8edae7

SHA512
a8f4f4a4c8a75d58253142bf4f27ea3653897e44b39d1eff0e8b52720c3a139da2db833a8d8160ccee14712e3897f87edc1ba3405de38e5818cfe284db66b61f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe

Filesize
468KB

MD5
a52e16a04dea8d2819ed9e034468597d

SHA1
61a8107ff55eb2e9537e92987ae553636007048f

SHA256
eabe1a3743900b2815769baae1ab8a71a084ab3fa52700e8159a6b49741b6342

SHA512
0ea1314617640acb21039df1c73409e090a8058612538c93790c49473156ee24c933d985e33bb81208488ad2ac5eed492e788f2ec90371d3297d216bf924f55d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe

Filesize
468KB

MD5
8fb7ce363126a6d00fbd53e53ce454bd

SHA1
583a74525ddfdefa441ad50564fc08099cb925a6

SHA256
95208d7ba17c517d85885d743f838fb6612730783838f25b4c6adf6b01ecb012

SHA512
c8d0c03d601066256562a64fc22e50b32364400598a05a3b72073125f84815f98a8d0cbe7a4a718316b7d0f233305ddb3978a6f8b74f87624d25ca9a9a5660be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe

Filesize
468KB

MD5
0172aba5eb35a99abbecf3d6acb7732d

SHA1
6aea6123c9dd6a0b6f76e11dd4324989f6567caf

SHA256
dfddcc6e97d225bed2119e26acd3bc913fb9cc78183ff156ec98e6844aa6794a

SHA512
27da256da1d2dfbf00119d583888c700a9c32b324cf4aa0b2b29d1619ffc254939e4cc9c1ceaa5982fa13cb33d8d1209c4576fbb34abc403f81a9af576224729

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe

Filesize
468KB

MD5
14610c6a6ab0eec576a3f6cf379cfd67

SHA1
293a409a9a5744aae3a2b2e25d594acce7f3f376

SHA256
49a0d4b3afcd14568682bc24cda6e31c7df3049c79967d667224f6e997f3d39e

SHA512
6bcdc0e1b16ec31e4b7e1569d8c5e95c7ded26cc56d9531ec26bada5074509850d697927737dbfadc043aa9fbeac31adc2a43f0bc001760af8011622cc201cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe

Filesize
468KB

MD5
5667fdde1a310b079b18ed72572bd657

SHA1
d4b4952971cefbf429a8bb08e8bf24069a8989d5

SHA256
be0b529f4e4e9d64cf2ac0d376c40cdd583a6ed34d7da7e12f4c57fb91ec1cea

SHA512
ca7e529d1e4c7cdb54c831239e9c3655b9d665a504c677a9c0684be63dc9ff18c33af1af75e3697d865cde1ee31943fa97de0972fa7ba0b9f38b1f95503d6c06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe

Filesize
468KB

MD5
ae9269f6817bdb82a79fe03befbc53d3

SHA1
a6f8fb0e748f7ad07792dcdaa7d2f75f4d4fda2b

SHA256
9dfa369e13ae465e915356cbbf7c9be04e048a41edcb471257fce5a506d818e7

SHA512
c236df10587f67962d0a61d8430ffcc2c2ebfe279e6ae5d5607f057328d1b34914b47a30bbe8d7dfeea7d291a6defae43e64af8fb27b574d10485fcc36d666ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe

Filesize
468KB

MD5
ba0b9c5b8841da66c1b13a1ece657e40

SHA1
689a517d40bde2ecc5f452648ab1114338f02387

SHA256
9491b5e4f2911a0be535d718dd60b4184aae835d804c6e44590fcad88344a7d5

SHA512
ff236dfa76af4594ac05923878e5bee3d120cc3b8666f800eec8318c62af2cfe08145a009c75bb1711635e50c5b7300ea52d94913210eefd1c081baa69a6a726

Download Submit
memory/64-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/216-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/392-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/456-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/536-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/696-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/724-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/840-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/864-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1096-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1212-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1260-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1376-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1424-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1524-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1548-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1580-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1652-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1672-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1736-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1740-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1748-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-15-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2096-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2120-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2164-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2256-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2272-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2532-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2576-534-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2596-537-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-481-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2720-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2780-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2836-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2852-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2912-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2968-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3068-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3084-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3092-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3116-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3124-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3184-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3292-3367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3300-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3432-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3524-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3624-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3740-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3748-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3756-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3852-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3900-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3944-533-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-105-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4064-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4084-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4116-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4200-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4264-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4332-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4448-2920-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4464-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4476-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4540-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4544-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4604-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4608-536-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4652-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4676-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4800-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4852-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4884-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4960-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4972-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4976-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4980-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5008-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5036-165-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5048-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5052-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5080-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5116-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5124-538-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5144-539-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5164-540-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5176-541-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5284-542-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5300-548-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5352-549-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6832-2506-0x00000000762E0000-0x00000000763BC000-memory.dmp

Filesize
880KB

Download
memory/13352-2690-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14432-2871-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15204-3065-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15476-3102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15496-3190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15556-3277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15580-2972-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15656-2700-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15676-3365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15720-2699-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15736-2999-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15952-3366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16000-3343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16028-3043-0x00007FFF5F160000-0x00007FFF5F1B9000-memory.dmp

Filesize
356KB

Download
memory/16176-3053-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16292-3107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16344-2829-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16356-2921-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads