7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3

Analysis

max time kernel
119s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
Size

468KB
MD5

ff58d40a2504bde9674bd0e2745cf820
SHA1

3a842528b19f1085026512b751923349e506f078
SHA256

7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3
SHA512

7c35ec970a7002dcb6d8f1e8c2a3e3916d9815ec7e077d1d8ce2ba188bfa5c2e2ccf2cf5be8aa7c177bd59599afe55b3005b734b6ef0e939a98a2ecf58ebffef
SSDEEP

3072:Xrz7ogKxjz8UFbYWPz3yqf8/Eptj7PpgPmHx+lO0Eln0AFo1Sblk:XrfotAUF1PDyqf/BtuEl04o1S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2476	Unicorn-23498.exe
2760	Unicorn-45994.exe
2160	Unicorn-22044.exe
640	Unicorn-64442.exe
388	Unicorn-36408.exe
1508	Unicorn-48106.exe
1180	Unicorn-41976.exe
4524	Unicorn-34074.exe
3172	Unicorn-59325.exe
1900	Unicorn-59886.exe
2320	Unicorn-25167.exe
2812	Unicorn-52465.exe
2568	Unicorn-6793.exe
756	Unicorn-63513.exe
4596	Unicorn-25434.exe
3828	Unicorn-42132.exe
2512	Unicorn-12989.exe
2624	Unicorn-31171.exe
4868	Unicorn-161.exe
2252	Unicorn-49097.exe
1620	Unicorn-37110.exe
3128	Unicorn-9076.exe
4736	Unicorn-20774.exe
776	Unicorn-12605.exe
3052	Unicorn-4437.exe
2388	Unicorn-63844.exe
4324	Unicorn-43092.exe
2136	Unicorn-54028.exe
436	Unicorn-52050.exe
1588	Unicorn-24016.exe
3660	Unicorn-5079.exe
1308	Unicorn-11209.exe
1000	Unicorn-39606.exe
4640	Unicorn-11572.exe
1552	Unicorn-39414.exe
2536	Unicorn-23078.exe
2860	Unicorn-18728.exe
1344	Unicorn-33144.exe
3204	Unicorn-7701.exe
2572	Unicorn-56518.exe
4960	Unicorn-8064.exe
408	Unicorn-2663.exe
3256	Unicorn-49658.exe
1728	Unicorn-45574.exe
4540	Unicorn-33322.exe
3984	Unicorn-25154.exe
3572	Unicorn-16986.exe
1448	Unicorn-8817.exe
1924	Unicorn-36636.exe
2508	Unicorn-53285.exe
1820	Unicorn-33684.exe
2852	Unicorn-29600.exe
2304	Unicorn-47420.exe
1144	Unicorn-29622.exe
4056	Unicorn-13285.exe
4452	Unicorn-29984.exe
3116	Unicorn-43720.exe
4112	Unicorn-13093.exe
4268	Unicorn-62294.exe
3552	Unicorn-62294.exe
4280	Unicorn-34858.exe
2216	Unicorn-18884.exe
4532	Unicorn-32619.exe
3232	Unicorn-38750.exe

Program crash 32 IoCs

pid	pid_target	Process	procid_target
3984	1180	WerFault.exe	88
3792	4324	WerFault.exe	117
212	2568	WerFault.exe	98
4320	388	WerFault.exe	86
6064	756	WerFault.exe	99
6240	5084	WerFault.exe	166
6168	3164	WerFault.exe	165
5432	4184	WerFault.exe	162
7396	3552	WerFault.exe	156
5908	4640	WerFault.exe	125
7620	1924	WerFault.exe	141
8056	5692	WerFault.exe	241
8536	6964	WerFault.exe	317
9796	5524	WerFault.exe	203
9808	452	WerFault.exe	183
10016	3572	WerFault.exe	139
9696	1160	WerFault.exe	221
10800	7840	WerFault.exe	419
11104	5544	WerFault.exe	232
11168	5988	WerFault.exe	247
11980	5976	WerFault.exe	254
10016	7412	WerFault.exe	370
10192	7856	WerFault.exe	347
13320	7424	WerFault.exe	371
1536	10164	WerFault.exe	567
8540	7944	Process not Found	413
3892	10168	Process not Found	524
4896	5804	Process not Found	380
5224	368	Process not Found	562
4988	7952	Process not Found	552
15212	9936	Process not Found	509
4724	7204	Process not Found	361

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40198.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	7728	Process not Found
Token: SeChangeNotifyPrivilege	7728	Process not Found
Token: 33	7728	Process not Found
Token: SeIncBasePriorityPrivilege	7728	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
2476	Unicorn-23498.exe
2760	Unicorn-45994.exe
2160	Unicorn-22044.exe
640	Unicorn-64442.exe
388	Unicorn-36408.exe
1180	Unicorn-41976.exe
1508	Unicorn-48106.exe
4524	Unicorn-34074.exe
3172	Unicorn-59325.exe
1900	Unicorn-59886.exe
2320	Unicorn-25167.exe
756	Unicorn-63513.exe
2812	Unicorn-52465.exe
2568	Unicorn-6793.exe
4596	Unicorn-25434.exe
3828	Unicorn-42132.exe
2512	Unicorn-12989.exe
2624	Unicorn-31171.exe
4868	Unicorn-161.exe
2252	Unicorn-49097.exe
4324	Unicorn-43092.exe
776	Unicorn-12605.exe
4736	Unicorn-20774.exe
2136	Unicorn-54028.exe
3128	Unicorn-9076.exe
2388	Unicorn-63844.exe
1620	Unicorn-37110.exe
3052	Unicorn-4437.exe
436	Unicorn-52050.exe
1588	Unicorn-24016.exe
3660	Unicorn-5079.exe
1308	Unicorn-11209.exe
1000	Unicorn-39606.exe
4640	Unicorn-11572.exe
2536	Unicorn-23078.exe
1552	Unicorn-39414.exe
2860	Unicorn-18728.exe
1344	Unicorn-33144.exe
3204	Unicorn-7701.exe
2572	Unicorn-56518.exe
4960	Unicorn-8064.exe
1728	Unicorn-45574.exe
4540	Unicorn-33322.exe
408	Unicorn-2663.exe
3256	Unicorn-49658.exe
1924	Unicorn-36636.exe
1448	Unicorn-8817.exe
2508	Unicorn-53285.exe
1820	Unicorn-33684.exe
2852	Unicorn-29600.exe
2304	Unicorn-47420.exe
3984	Unicorn-25154.exe
3572	Unicorn-16986.exe
4056	Unicorn-13285.exe
4452	Unicorn-29984.exe
3116	Unicorn-43720.exe
3552	Unicorn-62294.exe
4112	Unicorn-13093.exe
4268	Unicorn-62294.exe
4280	Unicorn-34858.exe
3232	Unicorn-38750.exe
4184	Unicorn-38750.exe
2216	Unicorn-18884.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 2476	1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	82
PID 1456 wrote to memory of 2476	1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	82
PID 1456 wrote to memory of 2476	1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	82
PID 2476 wrote to memory of 2760	2476	Unicorn-23498.exe	83
PID 2476 wrote to memory of 2760	2476	Unicorn-23498.exe	83
PID 2476 wrote to memory of 2760	2476	Unicorn-23498.exe	83
PID 1456 wrote to memory of 2160	1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	84
PID 1456 wrote to memory of 2160	1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	84
PID 1456 wrote to memory of 2160	1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	84
PID 2760 wrote to memory of 640	2760	Unicorn-45994.exe	85
PID 2760 wrote to memory of 640	2760	Unicorn-45994.exe	85
PID 2760 wrote to memory of 640	2760	Unicorn-45994.exe	85
PID 2476 wrote to memory of 388	2476	Unicorn-23498.exe	86
PID 2476 wrote to memory of 388	2476	Unicorn-23498.exe	86
PID 2476 wrote to memory of 388	2476	Unicorn-23498.exe	86
PID 2160 wrote to memory of 1508	2160	Unicorn-22044.exe	87
PID 2160 wrote to memory of 1508	2160	Unicorn-22044.exe	87
PID 2160 wrote to memory of 1508	2160	Unicorn-22044.exe	87
PID 1456 wrote to memory of 1180	1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	88
PID 1456 wrote to memory of 1180	1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	88
PID 1456 wrote to memory of 1180	1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	88
PID 640 wrote to memory of 4524	640	Unicorn-64442.exe	93
PID 640 wrote to memory of 4524	640	Unicorn-64442.exe	93
PID 640 wrote to memory of 4524	640	Unicorn-64442.exe	93
PID 2760 wrote to memory of 3172	2760	Unicorn-45994.exe	94
PID 2760 wrote to memory of 3172	2760	Unicorn-45994.exe	94
PID 2760 wrote to memory of 3172	2760	Unicorn-45994.exe	94
PID 388 wrote to memory of 1900	388	Unicorn-36408.exe	95
PID 388 wrote to memory of 1900	388	Unicorn-36408.exe	95
PID 388 wrote to memory of 1900	388	Unicorn-36408.exe	95
PID 2476 wrote to memory of 2320	2476	Unicorn-23498.exe	96
PID 2476 wrote to memory of 2320	2476	Unicorn-23498.exe	96
PID 2476 wrote to memory of 2320	2476	Unicorn-23498.exe	96
PID 2160 wrote to memory of 2812	2160	Unicorn-22044.exe	97
PID 2160 wrote to memory of 2812	2160	Unicorn-22044.exe	97
PID 2160 wrote to memory of 2812	2160	Unicorn-22044.exe	97
PID 1508 wrote to memory of 2568	1508	Unicorn-48106.exe	98
PID 1508 wrote to memory of 2568	1508	Unicorn-48106.exe	98
PID 1508 wrote to memory of 2568	1508	Unicorn-48106.exe	98
PID 1456 wrote to memory of 756	1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	99
PID 1456 wrote to memory of 756	1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	99
PID 1456 wrote to memory of 756	1456	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	99
PID 4524 wrote to memory of 4596	4524	Unicorn-34074.exe	104
PID 4524 wrote to memory of 4596	4524	Unicorn-34074.exe	104
PID 4524 wrote to memory of 4596	4524	Unicorn-34074.exe	104
PID 640 wrote to memory of 3828	640	Unicorn-64442.exe	105
PID 640 wrote to memory of 3828	640	Unicorn-64442.exe	105
PID 640 wrote to memory of 3828	640	Unicorn-64442.exe	105
PID 3172 wrote to memory of 2512	3172	Unicorn-59325.exe	106
PID 3172 wrote to memory of 2512	3172	Unicorn-59325.exe	106
PID 3172 wrote to memory of 2512	3172	Unicorn-59325.exe	106
PID 2760 wrote to memory of 2624	2760	Unicorn-45994.exe	107
PID 2760 wrote to memory of 2624	2760	Unicorn-45994.exe	107
PID 2760 wrote to memory of 2624	2760	Unicorn-45994.exe	107
PID 2320 wrote to memory of 4868	2320	Unicorn-25167.exe	108
PID 2320 wrote to memory of 4868	2320	Unicorn-25167.exe	108
PID 2320 wrote to memory of 4868	2320	Unicorn-25167.exe	108
PID 2476 wrote to memory of 2252	2476	Unicorn-23498.exe	109
PID 2476 wrote to memory of 2252	2476	Unicorn-23498.exe	109
PID 2476 wrote to memory of 2252	2476	Unicorn-23498.exe	109
PID 2568 wrote to memory of 1620	2568	Unicorn-6793.exe	110
PID 2568 wrote to memory of 1620	2568	Unicorn-6793.exe	110
PID 2568 wrote to memory of 1620	2568	Unicorn-6793.exe	110
PID 1508 wrote to memory of 3128	1508	Unicorn-48106.exe	111

C:\Users\Admin\AppData\Local\Temp\7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
"C:\Users\Admin\AppData\Local\Temp\7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45994.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
        8⤵
        Executes dropped EXE
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
        8⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        10⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
        10⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41956.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        10⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        9⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
        8⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 716
        9⤵
        Program crash
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        8⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
        9⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        8⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
        8⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29984.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        10⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        11⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        10⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49077.exe
        9⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
        10⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        8⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        9⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        10⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        9⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        8⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        9⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        8⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        9⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        10⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        8⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        9⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        10⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
        8⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        8⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
        9⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
        8⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
        8⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        7⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13285.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        10⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        11⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        10⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        10⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23585.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        10⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        9⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
        8⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        9⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        10⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47052.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
        8⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        8⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33286.exe
        9⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        10⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        9⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 624
        8⤵
        Program crash
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        8⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        8⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        8⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        8⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        7⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        8⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        9⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        8⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
        8⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
        7⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        8⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        8⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
        6⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
        7⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41775.exe
        6⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        10⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        11⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
        9⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
        10⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        10⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        8⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        9⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
        10⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29284.exe
        9⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
        9⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42008.exe
        8⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        9⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
        8⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        8⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
        9⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        8⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        8⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        7⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        8⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 628
        8⤵
        Program crash
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        8⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
        6⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        7⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
        6⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
        6⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4297.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        8⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        9⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        10⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        8⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        8⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        8⤵
        
        PID:16320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 652
        7⤵
        Program crash
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        8⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        9⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        8⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10460.exe
        7⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        6⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        7⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        6⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13980.exe
        5⤵
        
        PID:3164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 632
        6⤵
        Program crash
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5263.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
        6⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        8⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18708.exe
        6⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32311.exe
        6⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        7⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        6⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
        5⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46078.exe
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18680.exe
        6⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        5⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        5⤵
        
        PID:12452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4297.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        9⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31506.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        11⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17836.exe
        9⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        10⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        9⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19704.exe
        8⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
        9⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        10⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
        9⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
        9⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
        9⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        10⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        10⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        8⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        9⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51841.exe
        9⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        8⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        7⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        9⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        7⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
        7⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18884.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
        8⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49085.exe
        9⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
        8⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        8⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
        7⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        7⤵
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10716.exe
        6⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        7⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 656
        7⤵
        Program crash
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        6⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 636
        7⤵
        Program crash
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        6⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57058.exe
        6⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4297.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        9⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        10⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        9⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        10⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30908.exe
        8⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        8⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9232.exe
        7⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30419.exe
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        8⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        7⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55050.exe
        8⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        9⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        9⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        7⤵
        
        PID:12096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 720
        6⤵
        Program crash
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        5⤵
        Executes dropped EXE
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        6⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        8⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
        6⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        6⤵
        
        PID:11868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
        8⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        9⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
        10⤵
        
        PID:16096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 660
        9⤵
        Program crash
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
        9⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
        8⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
        8⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29122.exe
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
        8⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34093.exe
        7⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        6⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        7⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        6⤵
        
        PID:14596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59917.exe
        5⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44806.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        8⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        9⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        7⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
        7⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14956.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
        7⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        6⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        7⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        7⤵
        
        PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 604
        6⤵
        Program crash
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        7⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        6⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        6⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        7⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        6⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        5⤵
        
        PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
      4⤵
      PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        6⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        7⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41956.exe
        6⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        7⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24955.exe
        6⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36040.exe
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        6⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        5⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        6⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        5⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        5⤵
        
        PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
      4⤵
      PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
      4⤵
      PID:7840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 716
        5⤵
        Program crash
        
        PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
      4⤵
      PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
      4⤵
      PID:12652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        9⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
        10⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56205.exe
        10⤵
        
        PID:15416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 660
        9⤵
        Program crash
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        8⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        9⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55692.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        8⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        9⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        8⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
        7⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53477.exe
        6⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
        9⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        8⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        8⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 712
        7⤵
        Program crash
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        6⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        7⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        6⤵
        
        PID:13060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        6⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
        6⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6233.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8509.exe
        9⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        8⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
        8⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        7⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        8⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        7⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        6⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        6⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        7⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
        6⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        7⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2284.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        7⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        6⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        7⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34851.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
        6⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        6⤵
        
        PID:11860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        6⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        6⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3272.exe
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe
        5⤵
        
        PID:15344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 632
        5⤵
        Program crash
        
        PID:3792
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 716
      4⤵
      Program crash
      PID:4320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        6⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        8⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        9⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        10⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44145.exe
        10⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35132.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
        9⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11307.exe
        8⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        8⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47229.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        7⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30419.exe
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
        6⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59917.exe
        5⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17038.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47178.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
        9⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        8⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
        8⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
        7⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        6⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        8⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        6⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
        7⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        6⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        6⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        7⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
        6⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        6⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        5⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21248.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33144.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14245.exe
        5⤵
        
        PID:5084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 632
        6⤵
        Program crash
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
        6⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
        6⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        7⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
        6⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        6⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        5⤵
        
        PID:10560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65484.exe
      4⤵
      PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
      4⤵
      PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
      4⤵
      PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        5⤵
        
        PID:12488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe
      4⤵
      PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15433.exe
      4⤵
      PID:2064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        5⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        8⤵
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
        7⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        7⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        7⤵
        
        PID:14984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65221.exe
        5⤵
        
        PID:11964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51365.exe
      4⤵
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        5⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
        6⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        7⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 632
        7⤵
        Program crash
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        6⤵
        
        PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
      4⤵
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-525.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        5⤵
        
        PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
      4⤵
      PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
      4⤵
      PID:8920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
      4⤵
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25274.exe
        7⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        5⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        6⤵
        
        PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
      4⤵
      PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
      4⤵
      PID:10540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
      4⤵
      PID:15240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
    3⤵
    PID:4336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
    3⤵
    PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
      4⤵
      PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        5⤵
        
        PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
      4⤵
      PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
      4⤵
      PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
      4⤵
      PID:15968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13931.exe
    3⤵
    PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
      4⤵
      PID:16100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
      4⤵
      PID:7680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24224.exe
    3⤵
    PID:13612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
    3⤵
    PID:15904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37110.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        10⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        8⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
        8⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
        7⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 748
        7⤵
        Program crash
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        8⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        9⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        8⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        6⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57754.exe
        8⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
        8⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
        7⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        6⤵
        
        PID:16308
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 736
        5⤵
        Program crash
        
        PID:212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        7⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 632
        8⤵
        Program crash
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        8⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        8⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65221.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        6⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53477.exe
        5⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        6⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        7⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41521.exe
        5⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        6⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        5⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
        5⤵
        
        PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47420.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
        5⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
        6⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe
        8⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        8⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41956.exe
        6⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        7⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        7⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24955.exe
        6⤵
        
        PID:12232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        6⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17592.exe
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15666.exe
        7⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        6⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        6⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        5⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        5⤵
        
        PID:12468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        6⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        7⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2268.exe
        5⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34851.exe
        5⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
        5⤵
        
        PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
      4⤵
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        5⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        6⤵
        
        PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39864.exe
      4⤵
      PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
        5⤵
        
        PID:15556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57086.exe
      4⤵
      PID:12376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52465.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        6⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        7⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        8⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        9⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        8⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        8⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        8⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
        8⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        7⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        7⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36180.exe
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
        6⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
        7⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        7⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36285.exe
        5⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        6⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51841.exe
        6⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe
        5⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        5⤵
        
        PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
        5⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44718.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        7⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        6⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50362.exe
        7⤵
        
        PID:15564
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 652
        6⤵
        Program crash
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2407.exe
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
        5⤵
        
        PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
      4⤵
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        6⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        8⤵
        
        PID:1312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 752
        6⤵
        Program crash
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47245.exe
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
        6⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        6⤵
        
        PID:15960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29881.exe
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22852.exe
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
        5⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        6⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60900.exe
        5⤵
        
        PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
      4⤵
      PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29164.exe
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
      4⤵
      PID:13940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        5⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
        9⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        8⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        8⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        7⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        6⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        8⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55333.exe
        7⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
        6⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        7⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
        6⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        6⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59134.exe
        6⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        7⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        7⤵
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65221.exe
        5⤵
        
        PID:12188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53477.exe
      4⤵
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
        6⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        7⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6480.exe
        5⤵
        
        PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
      4⤵
      PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        5⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        6⤵
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
      4⤵
      PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
      4⤵
      PID:12948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      4⤵
      PID:10576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7805.exe
      4⤵
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        6⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        7⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
        6⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        7⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        6⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        5⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        5⤵
        
        PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        5⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63936.exe
        5⤵
        
        PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30419.exe
      4⤵
      PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
        5⤵
        
        PID:14956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
      4⤵
      PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29615.exe
      4⤵
      PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
    3⤵
    PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
      4⤵
      PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        6⤵
        
        PID:12292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        6⤵
        
        PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
      4⤵
      PID:8452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
    3⤵
    PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
      4⤵
      PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        5⤵
        
        PID:6504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
    3⤵
    PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
      4⤵
      PID:15292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
    3⤵
    PID:13080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
    3⤵
    PID:16336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
    3⤵
    PID:11984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 720
    3⤵
    - Program crash
    PID:3984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4437.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65174.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48333.exe
        8⤵
        
        PID:16064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
        6⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        7⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        6⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        6⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        7⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        6⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        6⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        5⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
        6⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
        6⤵
        
        PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        5⤵
        
        PID:12632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        5⤵
        
        PID:492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8101.exe
        5⤵
        
        PID:724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        6⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
        7⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        5⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
        6⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        5⤵
        
        PID:13132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        5⤵
        
        PID:14500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        5⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        6⤵
        
        PID:12472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29600.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2377.exe
      4⤵
      PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        8⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        6⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        7⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28227.exe
        6⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        6⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
        5⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
        6⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        5⤵
        
        PID:13796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23264.exe
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        6⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        6⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        5⤵
        
        PID:15060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        5⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31442.exe
        6⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
      4⤵
      PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
      4⤵
      PID:1160
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 716
    3⤵
    - Program crash
    PID:6064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65174.exe
      4⤵
      PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
        6⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        7⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        6⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6480.exe
        5⤵
        
        PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
      4⤵
      PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        5⤵
        
        PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        5⤵
        
        PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
      4⤵
      PID:13548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
      4⤵
      PID:1100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
    3⤵
    PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
      4⤵
      PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
        6⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
    3⤵
    PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
      4⤵
      PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        5⤵
        
        PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
    3⤵
    PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
      4⤵
      PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
      4⤵
      PID:2080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
    3⤵
    PID:12032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
    3⤵
    PID:6684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
    3⤵
    PID:388
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 744
    3⤵
    - Program crash
    PID:7620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
  2⤵
  PID:5004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
    3⤵
    PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55242.exe
      4⤵
      PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
    3⤵
    PID:9212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
  2⤵
  PID:7032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
    3⤵
    PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
      4⤵
      PID:15888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64512.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64512.exe
  2⤵
  PID:9968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
  2⤵
  PID:13040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
  2⤵
  PID:16328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1180 -ip 1180
1⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4324 -ip 4324
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2568 -ip 2568
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 388 -ip 388
1⤵
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 756 -ip 756
1⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4184 -ip 4184
1⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3164 -ip 3164
1⤵
PID:2912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5084 -ip 5084
1⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4532 -ip 4532
1⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5008 -ip 5008
1⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2216 -ip 2216
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2572 -ip 2572
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2624 -ip 2624
1⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4336 -ip 4336
1⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 1740 -ip 1740
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 388 -ip 388
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1924 -ip 1924
1⤵
PID:1536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5444 -ip 5444
1⤵
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5604 -ip 5604
1⤵
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5800 -ip 5800
1⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4640 -ip 4640
1⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 1044 -ip 1044
1⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3116 -ip 3116
1⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3552 -ip 3552
1⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5572 -ip 5572
1⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5664 -ip 5664
1⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5692 -ip 5692
1⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5648 -ip 5648
1⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5652 -ip 5652
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5564 -ip 5564
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5776 -ip 5776
1⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6964 -ip 6964
1⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4140 -ip 4140
1⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2276 -ip 2276
1⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4088 -ip 4088
1⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6868 -ip 6868
1⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6920 -ip 6920
1⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5684 -ip 5684
1⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6324 -ip 6324
1⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3628 -ip 3628
1⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1144 -ip 1144
1⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5524 -ip 5524
1⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 452 -ip 452
1⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1160 -ip 1160
1⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5376 -ip 5376
1⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 6068 -ip 6068
1⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3052 -ip 3052
1⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 3572 -ip 3572
1⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7840 -ip 7840
1⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5544 -ip 5544
1⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5988 -ip 5988
1⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6360 -ip 6360
1⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6580 -ip 6580
1⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6588 -ip 6588
1⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5976 -ip 5976
1⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6228 -ip 6228
1⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 3068 -ip 3068
1⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5792 -ip 5792
1⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 7864 -ip 7864
1⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 2820 -ip 2820
1⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 3172 -ip 3172
1⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5480 -ip 5480
1⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6312 -ip 6312
1⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5556 -ip 5556
1⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6664 -ip 6664
1⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 7012 -ip 7012
1⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6184 -ip 6184
1⤵
PID:13448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6736 -ip 6736
1⤵
PID:13560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6428 -ip 6428
1⤵
PID:13840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6344 -ip 6344
1⤵
PID:13928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 3968 -ip 3968
1⤵
PID:13940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 6352 -ip 6352
1⤵
PID:14076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5008 -ip 5008
1⤵
PID:14104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 6436 -ip 6436
1⤵
PID:14136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6340 -ip 6340
1⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5736 -ip 5736
1⤵
PID:14204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6508 -ip 6508
1⤵
PID:14260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 8920 -ip 8920
1⤵
PID:14296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6860 -ip 6860
1⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5368 -ip 5368
1⤵
PID:14316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 7736 -ip 7736
1⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5712 -ip 5712
1⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5004 -ip 5004
1⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 1172 -ip 1172
1⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7032 -ip 7032
1⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 7752 -ip 7752
1⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 7996 -ip 7996
1⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6808 -ip 6808
1⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 7436 -ip 7436
1⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6300 -ip 6300
1⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7524 -ip 7524
1⤵
PID:13608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5576 -ip 5576
1⤵
PID:13476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5640 -ip 5640
1⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5188 -ip 5188
1⤵
PID:13648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 7412 -ip 7412
1⤵
PID:13988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 7856 -ip 7856
1⤵
PID:13952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6444 -ip 6444
1⤵
PID:14084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 7424 -ip 7424
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7388 -ip 7388
1⤵
PID:13352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 7348 -ip 7348
1⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 2780 -ip 2780
1⤵
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 7460 -ip 7460
1⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 7280 -ip 7280
1⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5916 -ip 5916
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 7200 -ip 7200
1⤵
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 8008 -ip 8008
1⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7900 -ip 7900
1⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 8824 -ip 8824
1⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 7056 -ip 7056
1⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 936 -ip 936
1⤵
PID:14072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7744 -ip 7744
1⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 6172 -ip 6172
1⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7492 -ip 7492
1⤵
PID:14360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7816 -ip 7816
1⤵
PID:14448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 7892 -ip 7892
1⤵
PID:14480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 8776 -ip 8776
1⤵
PID:14532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 10004 -ip 10004
1⤵
PID:14572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 8720 -ip 8720
1⤵
PID:14640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7732 -ip 7732
1⤵
PID:14672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5616 -ip 5616
1⤵
PID:14724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 9148 -ip 9148
1⤵
PID:14944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 10068 -ip 10068
1⤵
PID:15352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 8816 -ip 8816
1⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 7648 -ip 7648
1⤵
PID:15560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 8992 -ip 8992
1⤵
PID:15800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5668 -ip 5668
1⤵
PID:15880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 8680 -ip 8680
1⤵
PID:16008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 7352 -ip 7352
1⤵
PID:16056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 8976 -ip 8976
1⤵
PID:16076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7004 -ip 7004
1⤵
PID:16140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4808 -ip 4808
1⤵
PID:16148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6908 -ip 6908
1⤵
PID:16168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6800 -ip 6800
1⤵
PID:16180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 4136 -ip 4136
1⤵
PID:16216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 10108 -ip 10108
1⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2368 -ip 2368
1⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6956 -ip 6956
1⤵
PID:2500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6032 -ip 6032
1⤵
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1096 -ip 1096
1⤵
PID:15636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5472 -ip 5472
1⤵
PID:15016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5596 -ip 5596
1⤵
PID:14616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6676 -ip 6676
1⤵
PID:14672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5940 -ip 5940
1⤵
PID:15372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 10164 -ip 10164
1⤵
PID:15576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 8960 -ip 8960
1⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 7992 -ip 7992
1⤵
PID:16124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 7176 -ip 7176
1⤵
PID:16164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4452 -ip 4452
1⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 1004 -ip 1004
1⤵
PID:14916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 8604 -ip 8604
1⤵
PID:14368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 10496 -ip 10496
1⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 8596 -ip 8596
1⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 8396 -ip 8396
1⤵
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4596 -ip 4596
1⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 7664 -ip 7664
1⤵
PID:14892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 3916 -ip 3916
1⤵
PID:15636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 8232 -ip 8232
1⤵
PID:7496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe

Filesize
468KB

MD5
39df30ba3d25f0087de0426b5ae8c40a

SHA1
c81b9c85743cf6c3cb7e8dd4f7dc7ef803612e74

SHA256
a58f6a29831011527cf913c62b60d973c9face674f9e5dda145558c848ad44b2

SHA512
399f5ef9514cc5a47dd542985764f089d5bf69527e90ccb13f9cbef365aa22f9e269d47321d13f30d710e844044ce05b1953be433e85187b2d062f34eeb6a092

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe

Filesize
468KB

MD5
7b19f92c4a338171bcefcdea5b51c642

SHA1
40414d4cae368467f021691b0f9069e3ea13b6b1

SHA256
e5d30e0e5df44eba845b47b979176cc9b339e537905b918ec723cecafde82b82

SHA512
4f52d3ca5f7fc04dd7ebd2b75535f794f180d0ca631fcd8ad21d2c72e2f786e8872f039c504638bcd5b3c08b6e452e8229acfa14de127fa32c9581ac349f58fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe

Filesize
468KB

MD5
73b9d533615e57196b7610131b089631

SHA1
a3dd53e5ebcba643b02e4039a566d852c3ccf22a

SHA256
b96d7c7b73a81c187be0ec058f12a66a711c9ebeffaa4be22e46e545ee89e848

SHA512
aba143ffc7e17e6a5f10d5a04b5200424f9ef0d4da74136086c3bb0b83c26c2554d33fd311eacc0b10ccbb03f57e60d04d8b921d6951dd32866a6485b34fa4de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe

Filesize
468KB

MD5
348346d1422ff990e8a1dd484c62104b

SHA1
6dd952217d02f294f4b9121d86dea85687a8a9eb

SHA256
e2db77960da961896a817faa36cda11b5ac254a8d1163838c35c7aab0d51ac1d

SHA512
bd19b15c09641a51df5ffe7c21c5ce73dd341ac5ba0027d1f9ea28621b4886762f9b7012957c8bd1a71a2523675b1cc590d9a96754fd80a38f55bd73b96312d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe

Filesize
468KB

MD5
b8ac3f6d95bf204f1dff6feb2e1ffd3b

SHA1
605c3b05111d01bfa2dad7401707a868eb039b40

SHA256
8c9a9271ba5c14f8b4f5f07b9286fae0a79559b93576fc2f719799f748b150ce

SHA512
e52e9ae793f30889bcfff2e4eb27cdef1d292ae68fab9ebe35ab67fbb19f787012a880d875dd432721340f6be8ec095289e71c0bc16e201df5c9057a2091135e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe

Filesize
468KB

MD5
86c66e1f03687db903467855d722511f

SHA1
726042772f50ec6c1c05ed6bc00ec0e28d0b72d1

SHA256
8718abf28cd2145eb964067ac283126d1d03cf4263b75af3c9c1ee6d96c58229

SHA512
9b377edea413102e2127782ff5ba9287c8f2044874139a3c9ff06eb4b37fca20f9408ab0617b07c13fa6a5a795e4747ecd44ed253b5a81b8885b8abb6895e277

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe

Filesize
468KB

MD5
ba8af750871249565b5e422b62e89aad

SHA1
676d2d7b38b200ccdbd435f088a1cf6a3373d389

SHA256
53a4ec74b97108c0e43a3ad7b7348c31b97a2184544e9ae9031cc235822d3cd5

SHA512
ba9c460a60d094849b436293b634bff672a155186b31b59cd02bc87a5b423156b03fbc6cc5816ebede0924d084ecba893db2d8a69eac2227551abc32ca0615d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe

Filesize
468KB

MD5
132965943a7b20747da5250d05d24710

SHA1
dcaedec8391aff5735fd8adb4f60a111cbb9f22a

SHA256
2ba356e9f68f9d6275aba2f5fedde93738bb3d9d00181e8caaeac0b138fa9701

SHA512
567552081976386f5f802f30c8433877540d874e3b4f5da2930fceea30029f514bce7c6ba5e9b8108ad2b748ff0485c59535161084a1dccc6785e0f970d0cb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe

Filesize
468KB

MD5
871bad8b949de01a4a94941348d8bcf0

SHA1
680b6fdb9e52005879e827f80bfe074cdb33a8de

SHA256
0e488fe80f5a8a93af35e6ab337ca5850308d458956632f128b0d820aadf8c4d

SHA512
2ff1db844d6fa1208d93d72ae5e01e787ed37339908ca04849af191ce06da96cc2149b35b70e2e1998882eac37305d4c74a55c40cbb7156fef35494bb430a95e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe

Filesize
468KB

MD5
5bd74844eaf9fecdbf90ced8e3660a3e

SHA1
6342143ae41125f6d180824fc32fff9b70e9ae27

SHA256
b8622eeb52f0b2030d696224fd035ec2d7a2710d7afe879b7326a8d29e9da2c4

SHA512
e9cb0a72331f9fa9545a6fd68d03aa14b97387f211e0a8a2866572a9995d43e2523e11d69a53ca8edd4f73240cb3498e8ffedae776ba2a65d8eba1c41fb92187

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe

Filesize
468KB

MD5
144e193005b31fa66af3bab6fe90e611

SHA1
fe4b941c030eb99eb409936aa06b4b703b3a2568

SHA256
f1d30f0d49c4553d7432cb45bc61e84c71dbaed80e7bc481289ff569f5e9ca0e

SHA512
1828c8cc10b4fd7cb4b51b5e6f22083ba60b37785a733d8009f9d0204988f77faddf1844686cad53a12931467b1fe50a68c11746f534a6cb10aa79bb16f91021

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe

Filesize
468KB

MD5
4552d4ddbfa41eb17e20e01ec57bc0fb

SHA1
65e6e64fb4b545cfd0b630615d3e7e9271e4de0b

SHA256
6856d01af66e5de3012104455833c06d6a89002297341300fd521f1f16cdd1eb

SHA512
bdeb0661c0fb8e6d93d91be86a1c3b1d1430658fbeab30d9a0238ef34189881c90ddf5cee2ab0a016e155e6f3b9b2b82720e8526962de0ec1edaa23325d090d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe

Filesize
468KB

MD5
cfc69806254157486537739cf79b4be6

SHA1
ee0f73419de3f3a5e22bafcbcd5780cc4b5cc926

SHA256
310b05977e7b14c5855232d7e71954bb036dcadb96e069c7640b0f483d08e3b3

SHA512
34fc5ba235c5d5e44ab3e911576516e6a73bee25f7ad8266bbd7d5bab768be80d43cb68b50cfa8b8effdd92afaeec53911ebf66bc55b6911b6cbe775de7bd6e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe

Filesize
468KB

MD5
2a9fabceacb20a1c1eab597d8a70f491

SHA1
7d4ed5cc48afa719e8e3770936231ca864ae1d53

SHA256
0df124aa3c2f888e736815cc89346019a88da76f9d6d086742e73d4c8731b49c

SHA512
1c97702a18e92e6b8a288b74f2a79033e65a12da8a8736376eeb28c6979a7a2071fc7a1b3d67e7cd6aa9c7bf38a3f907ce16a5308bcd11dfb17dd47d3b976a9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe

Filesize
468KB

MD5
9fa49045193898d95ae4a03ecbb4d8e8

SHA1
6d0642013f3a7a311edbd11d624c0859b83764d7

SHA256
148c231ad80199bee64baa8164d8e3b451c95645382833e3d6282c30b811e6f7

SHA512
69015dd0b46da30f51d5a4fde275c507fdeca8be4bd301556622b0b919e133ed2f265730f4d4ccf43aec7263547651f1cc9a36f9cb058d085d00d2b4affdb1b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe

Filesize
468KB

MD5
e755f352736d5e49f0e1ed82fc9b1070

SHA1
33bb22d340121c96d7a33de1f410910a8e588e96

SHA256
0b46c151e673d7f79065ddac40dd4b7ee27a3f14f5b6ce7b0a67868abca7a16a

SHA512
7c54a9ed975e522d56ecb96eb556a1baa04c950d21c36594c426a18f45f5b6febf1058a41b89c65b068578ed3ffd1f7fbefef84792cf267aefd25f8a3f4dc7d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37110.exe

Filesize
468KB

MD5
98b9fdd508e47921a00c438bec3bbd81

SHA1
bded4dc8f7bd2d69594351442442ea48cf314bc5

SHA256
35e76f6865b52cf28c8db442e34fd12d679501892c9066dfb22a58bc1b785106

SHA512
5aee11d35f84741d18a878762b8203401188d79008cbed0e53efbd84d6eef9ab5c121bee5df7d63693d9bfddccc32af85624869776ee941f4a503102daa08e3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe

Filesize
468KB

MD5
5f80105063c267c318400fb2c893748c

SHA1
97cf9d71e3ac787b69e6dcc83cf2a0bea99cc0fb

SHA256
17742607aca9eb1df6e9c7e59f4446cc4c02f0d491ba63e4c75b1cf30770996d

SHA512
ea07111510d14d7d74316885248a4fc8de94a591e4f6fddcad512863be6eccb73f2112ba2831f95928863c00ca88e7441fa20319490d395cc38f64a05eb983a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe

Filesize
468KB

MD5
05c3851a25d6b8b7d22fada0f548199d

SHA1
a568b6c29cd38218a856411522ad81a8f1b0d0c7

SHA256
0ebe658ab82d7083153d3b9f429dfa3f3e8a0fc0fb6b99ac0a59958fd5b362a6

SHA512
a8b10332cf80c302bdd645098926369e8bdf228089ba0ee7592088a638ff5bfb31bbb04926e577001dd3b742af7247959a3454302508fbe7863ea5694c39279c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe

Filesize
468KB

MD5
4ed9cc8719b3cb80cfd98f3f7c14e778

SHA1
4d1ccb9effff806ee06638b65257f946de2a7e0e

SHA256
d5e151843230ece4079acac5f7ca61cb751d86e725cb7582ffedd9743bd89e7e

SHA512
ece1895bbb68689d8ed81029598c49c14ffca480ec0aca1014d8da2c324a1f85b4592fa839b82d02a0e169edacf0dcb887f6e8d2975bd72063ec40c83c035395

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4437.exe

Filesize
468KB

MD5
87f3a838b57661578e058300e9f48a0a

SHA1
a1a67c5aaaf15426b4e0ccc0a596d4ff5e5dcf18

SHA256
89356486cd54cb25d3e590c527c009ccc8132bddb81b8dd858382d6be229e150

SHA512
8e094c4277a448c3b9a27319c08aca7accf03ad7cd09698b125f9846072c9665f5eb99060232b029ed8ed87c11bc6668ed7aa230240ee2ef418feae6d28c95a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45994.exe

Filesize
468KB

MD5
979f1c431deaa9c2e6fd314a06ba677d

SHA1
9cd97b7701a7bcc8a40860624a951271fcf19fcf

SHA256
6b23f63f21eec249520870805f6c36df99235b2740b16d0241b4b05987058a09

SHA512
783d0398ac8b7d3d769d92d1f62791e9cd8463724cb5e576480f3ab7d66a9fb13846c5d41cf12f33cf6fe1deab2403e67e9162563e4b5fa430dfa21206d537ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe

Filesize
468KB

MD5
294f733f92a8ae25df1c2d7b1dbb5394

SHA1
ee86e895f3f47a6a514c12044dbb22ef1743762b

SHA256
80bf2d9b7f729075f785fa6705c01b1c2eaf124831bc85bed445358475871066

SHA512
47a680e5f2a3357dbf8f828503a6c74bff57e93729f56910b937bc6f757dbe187b1e85eee622face78424d51a685b8927d245ea651e873cf90b6c9304cee96a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe

Filesize
468KB

MD5
bd71703a40c41c3c281402ac93132821

SHA1
975a5551054b6b22d3b32dbd720dc1a5745d1c28

SHA256
d6749d09839959f525f23a185b5203c0b8576ab4c103ff1aaa2691a0ec4a410d

SHA512
8a4c7e09984bd2879b68acd13fb14df274cbbd7c6d6b54830a464d7ca88f890adceeabd918e8f570135aae48f1e581b8773de84cc0a2863d230b095ed2fc6afc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe

Filesize
468KB

MD5
72f8a4ea17c22163d03fdb53aa74bab4

SHA1
cf30e015abaabfe7ddd271067d65086186143092

SHA256
4781781724ebc4d7b261bd5dd73146117a1ed23a205b21beafa481472daa7aa4

SHA512
e348e00cb80f66ca5ca0c44750a7beaf097844ba6bfd530c0b20e7bb39a7cc4e8a9498ca9d4635d3f7002fc2d1607019ed594c26c489e45ab5d49c86feffb53b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe

Filesize
468KB

MD5
a9b9f671b9b0eac3f6ef8a9d83037c06

SHA1
020ba629430ae3064a8f07653f0832b38cd9fb61

SHA256
69eb6c3bf8b753ffe9d71985fb574ac2138963e7dfd994343eff0900cab0c775

SHA512
9a1e12fba0576c4956f43c67bfd12e28837b2000afc75f2e6f9e2846989c83fb2e5a49ce61b80d1de0f27cca84e60b4ab0e2da397c81afd525aea0a5cf27e0f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52465.exe

Filesize
468KB

MD5
efe7bd358833f3f925a89b8ff6f2baa0

SHA1
5b45d45b4f8548fa54120f7c68f296de9b8228c1

SHA256
c8f864bdf374b8db0618d6ee2aa931723340c032c91b4d0286c9347c5b4e1dc4

SHA512
08d63ae3b77a24c0ab9e5c49e848c40a819c09194bdf468bb5065292d9ef8629d020a822d140296b961a8b85f43434ea1e95f9802dd910650fbf73e5ca6657c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe

Filesize
468KB

MD5
84451e7f8a4aa1682e560246e8000ebd

SHA1
ff07ea4ca05d02fa3f50cc00bba6a09201928e46

SHA256
6f8d00fd4ba8412b03854f65515bbc151b5851095ae09ce5fa279758696bd2a9

SHA512
e4de1004df78cf8c560fdc391690170830b2224c421ed4197447acc39385d5cfc8060d688f6053cc3feeff4606fffcc5d719588f53af95e0b9f236e11e4d80d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe

Filesize
468KB

MD5
2a5b48ade1f2b0efd0abc0036484dbcd

SHA1
99ac06d352e818bf53908e89c066c27b09d6fdff

SHA256
7d0ca5b71fde139e5a9dc623b19fbd54738d9b636dec6d9345b57d7a8db46bc7

SHA512
2a429f2a2d7c0c76140a3c7d1169cafb30ac0e55f113cf208189974ad62f132bb8ac9445a7f5b0c45fa0a1bca25d1a384acfe43afcce921c89d1a2d7832a24aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe

Filesize
468KB

MD5
401069855dbae476a770f96c0e6a6b65

SHA1
ff38174cb4da4bbb3a63158f1fbce3e2da2b3a5d

SHA256
de8adfd74739bf4bc6ea1a2995738ff97b3354db9919c5159f99762b51068c5f

SHA512
76f29e3e18d73e0a996905ebb80e9d37eacf16461e7fb756f44643ec191f3048b2da217395496f9646723d566de3165455d607d4f81f48380fdaece72aabea06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe

Filesize
468KB

MD5
23ac4a4a2faa6ecc0c667614f05071e4

SHA1
0ed5061a761e9a565e2fcb3221835c71f1f1b943

SHA256
26e27ed012138471778664057625c1ac56e2ef83fc11d2a80577ffd821a17491

SHA512
cfeee8baf4502aca4dcbc9b906ceedbdb65e8c79c55db2511c38d1e351cb0696d15bdfaf23b417938ad6a39254a345a5a087b22c3acbfe71f6fdbd086549d28a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe

Filesize
468KB

MD5
fd0f1fd9d64eef960e03dc1bd06000f8

SHA1
17543ded2f791eb39ddd0719cfe0ff79c1fcd25e

SHA256
062042fd08e6a50914418ee4adc4f96eeedeeeccf95d43544840bff557a93253

SHA512
55e7df1b7d7684e5f1884d425e0a51ab79761cb6b9aee11c22fd9649d945c497fdb84c7eb5efe3e5ce8343743c6a514cd76688535a04628c9af02e244fb89514

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe

Filesize
468KB

MD5
29eb08e9b0787d59eafbc4895b6b0666

SHA1
2d9015b9254f374a2c295c3b9fcff91e27916aa7

SHA256
f10d07ef0394ac69426d78600a6049597a227d9c2f64b1737a87ed903cf99ac0

SHA512
365e82f8bbfdb43f05d06ab4cb93f98d5a30c278c1dfc53502ae42c1955d770b770c774700dffe0b5cd63605c9ddc828b955fb99e734dfdbb65f5dedf110f220

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe

Filesize
468KB

MD5
7157a3067d14d79deaaf1d779d5dfc79

SHA1
4df19a2f8f3274775d52c3d7b935d09a2dccc858

SHA256
979b7d5c7ae384e74034fc1893865cbd42ef2984ef8541d4aa5c9fe6feec6cdb

SHA512
0c7c1ec17ee54f0290d3e588b5f7e89b71b35c6722612f0dd2fadb463d8498ff7505e7001e7adcfbd185c03f4d68ae1fd44e6e0f2515f865673788b425d96b6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe

Filesize
468KB

MD5
39767c1fc74edf35c701c9a96d48124c

SHA1
d7f4cd3a9c4211714760aab9f51a256e2a8f63d0

SHA256
4f9e7b27b2e5a1dd84178d7fc400bf4a64b822461c54e708de6eee0516e26798

SHA512
71bf05fee3b00eb5b408583b39cbd02b3d3480f9d8c6ece69fb74f5130eb46a56e36c9962c632e47f2721af7a9a6f2b7482b9840dc0359c4ce6edd4e5bc63686

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe

Filesize
468KB

MD5
6fe50aa82481b854377b1d21050a3fd1

SHA1
b241667fa1f9c6825ff1f525c240bd9b3e1e9c51

SHA256
edb4d9063f10a7a98bfdecda11e075b60cf542c25b7facddc1476fce6e4e070f

SHA512
e155dd9dc43718df27112e7cde0b6e9880fced122ee99a9cd7d5c24bb2487f88005f541facfad63062ab5a9e9596bb657185bdf1a25d25d469d0c7fc3a151fc9

Download Submit
memory/388-512-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/388-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/388-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/408-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/436-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/452-510-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/492-2877-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/640-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/756-101-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/776-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1000-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1000-3282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1000-3287-0x0000000077710000-0x000000007778B000-memory.dmp

Filesize
492KB

Download
memory/1004-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1096-515-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1100-3284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1128-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1144-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1144-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1144-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1172-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1180-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1180-102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1308-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1344-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1404-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1448-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1456-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1552-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1588-209-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1600-454-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1620-156-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1648-2906-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1728-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1748-513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1820-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1900-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1924-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2136-196-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2160-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2216-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-518-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-146-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2304-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2320-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2388-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2508-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2536-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2568-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2568-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2572-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2612-511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2624-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2760-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2780-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2812-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2820-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2852-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2860-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3116-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3128-157-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3164-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3172-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3204-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3232-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3256-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3552-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3572-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3628-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3660-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3732-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3828-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3984-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4056-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4088-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4112-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4140-520-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4268-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4280-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4324-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4324-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4336-519-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4388-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4452-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-3289-0x00007FFCD2DF0000-0x00007FFCD2FE5000-memory.dmp

Filesize
2.0MB

Download
memory/4524-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4532-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4540-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4596-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4640-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4736-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4868-135-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4960-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5004-521-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5008-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5044-514-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5084-399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5616-2908-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6504-2983-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6956-3286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/7628-3279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12884-3285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14672-3288-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14856-2976-0x00007FFCD2D50000-0x00007FFCD2DA9000-memory.dmp

Filesize
356KB

Download
memory/14932-3005-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15400-2901-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15436-2992-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15884-3283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16020-3281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16320-2988-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads