671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346db

Analysis

max time kernel
120s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe
Size

468KB
MD5

64ba8185a6e1125f05090c550834e3b0
SHA1

ea718840af2858ffbd193c00d52537c57cab403a
SHA256

671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346db
SHA512

6c30539124971ea484ad235d499fc2830c61111f1ea9289ca5f5e515111d7f0b8bae59ce1dcb025eee62b7e55350148ced8178bc3c9a6983343cbd2e13717168
SSDEEP

3072:WqonoQLd198UhbYCfR5xff5EChj+8pBnfHePV4soYR3/Qo6qzlh:WqEoy2UhhfXxffUwEnoYpoo6q

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4188	Unicorn-37040.exe
1308	Unicorn-36054.exe
4156	Unicorn-38554.exe
3896	Unicorn-833.exe
2360	Unicorn-34252.exe
4996	Unicorn-23392.exe
2748	Unicorn-5009.exe
1016	Unicorn-28436.exe
4160	Unicorn-35212.exe
440	Unicorn-57771.exe
2268	Unicorn-12099.exe
212	Unicorn-16184.exe
468	Unicorn-36696.exe
4504	Unicorn-42826.exe
4252	Unicorn-30117.exe
1988	Unicorn-60698.exe
4308	Unicorn-17720.exe
4428	Unicorn-63391.exe
2580	Unicorn-5467.exe
3028	Unicorn-46863.exe
4812	Unicorn-38694.exe
3740	Unicorn-58560.exe
1528	Unicorn-15581.exe
2212	Unicorn-15581.exe
4908	Unicorn-926.exe
312	Unicorn-1191.exe
4924	Unicorn-44262.exe
3608	Unicorn-64020.exe
3636	Unicorn-5367.exe
2236	Unicorn-53085.exe
2976	Unicorn-40002.exe
3580	Unicorn-23474.exe
1712	Unicorn-12613.exe
3124	Unicorn-36132.exe
1616	Unicorn-2498.exe
2960	Unicorn-46822.exe
1812	Unicorn-16096.exe
2632	Unicorn-6344.exe
1320	Unicorn-6344.exe
3456	Unicorn-26210.exe
516	Unicorn-26210.exe
4440	Unicorn-13957.exe
1916	Unicorn-40600.exe
1724	Unicorn-63158.exe
1672	Unicorn-63158.exe
3408	Unicorn-40500.exe
2200	Unicorn-11819.exe
2968	Unicorn-5689.exe
2796	Unicorn-46630.exe
2544	Unicorn-46630.exe
1760	Unicorn-57491.exe
4020	Unicorn-63058.exe
4564	Unicorn-49323.exe
548	Unicorn-3386.exe
4820	Unicorn-3386.exe
2184	Unicorn-53407.exe
100	Unicorn-53407.exe
4348	Unicorn-21363.exe
3416	Unicorn-46630.exe
892	Unicorn-143.exe
1296	Unicorn-14341.exe
5060	Unicorn-30769.exe
4344	Unicorn-30769.exe
3088	Unicorn-2089.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
3492	4428	WerFault.exe	107
13192	7244	WerFault.exe	299
15968	4236	WerFault.exe	733
15976	15204	WerFault.exe	708

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50958.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4152	dwm.exe
Token: SeChangeNotifyPrivilege	4152	dwm.exe
Token: 33	4152	dwm.exe
Token: SeIncBasePriorityPrivilege	4152	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe
4188	Unicorn-37040.exe
1308	Unicorn-36054.exe
4156	Unicorn-38554.exe
3896	Unicorn-833.exe
2360	Unicorn-34252.exe
4996	Unicorn-23392.exe
2748	Unicorn-5009.exe
2268	Unicorn-12099.exe
1016	Unicorn-28436.exe
4160	Unicorn-35212.exe
440	Unicorn-57771.exe
468	Unicorn-36696.exe
4504	Unicorn-42826.exe
4252	Unicorn-30117.exe
212	Unicorn-16184.exe
1988	Unicorn-60698.exe
4308	Unicorn-17720.exe
2580	Unicorn-5467.exe
4428	Unicorn-63391.exe
3740	Unicorn-58560.exe
4812	Unicorn-38694.exe
4924	Unicorn-44262.exe
2212	Unicorn-15581.exe
3028	Unicorn-46863.exe
3608	Unicorn-64020.exe
4908	Unicorn-926.exe
2236	Unicorn-53085.exe
1528	Unicorn-15581.exe
312	Unicorn-1191.exe
3636	Unicorn-5367.exe
2976	Unicorn-40002.exe
3580	Unicorn-23474.exe
1712	Unicorn-12613.exe
3124	Unicorn-36132.exe
1616	Unicorn-2498.exe
2960	Unicorn-46822.exe
1812	Unicorn-16096.exe
1320	Unicorn-6344.exe
2632	Unicorn-6344.exe
516	Unicorn-26210.exe
3456	Unicorn-26210.exe
1724	Unicorn-63158.exe
1916	Unicorn-40600.exe
4440	Unicorn-13957.exe
1672	Unicorn-63158.exe
3408	Unicorn-40500.exe
1760	Unicorn-57491.exe
4020	Unicorn-63058.exe
2796	Unicorn-46630.exe
4820	Unicorn-3386.exe
4348	Unicorn-21363.exe
4564	Unicorn-49323.exe
100	Unicorn-53407.exe
2544	Unicorn-46630.exe
2200	Unicorn-11819.exe
2184	Unicorn-53407.exe
2968	Unicorn-5689.exe
3416	Unicorn-46630.exe
548	Unicorn-3386.exe
1296	Unicorn-14341.exe
3088	Unicorn-2089.exe
4344	Unicorn-30769.exe
1708	Unicorn-506.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 4188	1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe	83
PID 1148 wrote to memory of 4188	1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe	83
PID 1148 wrote to memory of 4188	1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe	83
PID 4188 wrote to memory of 1308	4188	Unicorn-37040.exe	86
PID 4188 wrote to memory of 1308	4188	Unicorn-37040.exe	86
PID 4188 wrote to memory of 1308	4188	Unicorn-37040.exe	86
PID 1148 wrote to memory of 4156	1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe	87
PID 1148 wrote to memory of 4156	1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe	87
PID 1148 wrote to memory of 4156	1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe	87
PID 1308 wrote to memory of 3896	1308	Unicorn-36054.exe	90
PID 1308 wrote to memory of 3896	1308	Unicorn-36054.exe	90
PID 1308 wrote to memory of 3896	1308	Unicorn-36054.exe	90
PID 4188 wrote to memory of 2360	4188	Unicorn-37040.exe	91
PID 4188 wrote to memory of 2360	4188	Unicorn-37040.exe	91
PID 4188 wrote to memory of 2360	4188	Unicorn-37040.exe	91
PID 4156 wrote to memory of 4996	4156	Unicorn-38554.exe	92
PID 4156 wrote to memory of 4996	4156	Unicorn-38554.exe	92
PID 4156 wrote to memory of 4996	4156	Unicorn-38554.exe	92
PID 1148 wrote to memory of 2748	1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe	93
PID 1148 wrote to memory of 2748	1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe	93
PID 1148 wrote to memory of 2748	1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe	93
PID 3896 wrote to memory of 1016	3896	Unicorn-833.exe	95
PID 3896 wrote to memory of 1016	3896	Unicorn-833.exe	95
PID 3896 wrote to memory of 1016	3896	Unicorn-833.exe	95
PID 1308 wrote to memory of 4160	1308	Unicorn-36054.exe	96
PID 1308 wrote to memory of 4160	1308	Unicorn-36054.exe	96
PID 1308 wrote to memory of 4160	1308	Unicorn-36054.exe	96
PID 4156 wrote to memory of 440	4156	Unicorn-38554.exe	97
PID 4156 wrote to memory of 440	4156	Unicorn-38554.exe	97
PID 4156 wrote to memory of 440	4156	Unicorn-38554.exe	97
PID 4996 wrote to memory of 2268	4996	Unicorn-23392.exe	98
PID 4996 wrote to memory of 2268	4996	Unicorn-23392.exe	98
PID 4996 wrote to memory of 2268	4996	Unicorn-23392.exe	98
PID 2360 wrote to memory of 212	2360	Unicorn-34252.exe	100
PID 2360 wrote to memory of 212	2360	Unicorn-34252.exe	100
PID 2360 wrote to memory of 212	2360	Unicorn-34252.exe	100
PID 4188 wrote to memory of 468	4188	Unicorn-37040.exe	101
PID 4188 wrote to memory of 468	4188	Unicorn-37040.exe	101
PID 4188 wrote to memory of 468	4188	Unicorn-37040.exe	101
PID 2748 wrote to memory of 4504	2748	Unicorn-5009.exe	102
PID 2748 wrote to memory of 4504	2748	Unicorn-5009.exe	102
PID 2748 wrote to memory of 4504	2748	Unicorn-5009.exe	102
PID 1148 wrote to memory of 4252	1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe	103
PID 1148 wrote to memory of 4252	1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe	103
PID 1148 wrote to memory of 4252	1148	671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe	103
PID 212 wrote to memory of 1988	212	Unicorn-16184.exe	105
PID 212 wrote to memory of 1988	212	Unicorn-16184.exe	105
PID 212 wrote to memory of 1988	212	Unicorn-16184.exe	105
PID 2268 wrote to memory of 4308	2268	Unicorn-12099.exe	106
PID 2268 wrote to memory of 4308	2268	Unicorn-12099.exe	106
PID 2268 wrote to memory of 4308	2268	Unicorn-12099.exe	106
PID 2360 wrote to memory of 4428	2360	Unicorn-34252.exe	107
PID 2360 wrote to memory of 4428	2360	Unicorn-34252.exe	107
PID 2360 wrote to memory of 4428	2360	Unicorn-34252.exe	107
PID 1016 wrote to memory of 2580	1016	Unicorn-28436.exe	108
PID 1016 wrote to memory of 2580	1016	Unicorn-28436.exe	108
PID 1016 wrote to memory of 2580	1016	Unicorn-28436.exe	108
PID 4188 wrote to memory of 4908	4188	Unicorn-37040.exe	109
PID 4188 wrote to memory of 4908	4188	Unicorn-37040.exe	109
PID 4188 wrote to memory of 4908	4188	Unicorn-37040.exe	109
PID 4504 wrote to memory of 312	4504	Unicorn-42826.exe	111
PID 4504 wrote to memory of 312	4504	Unicorn-42826.exe	111
PID 4504 wrote to memory of 312	4504	Unicorn-42826.exe	111
PID 4996 wrote to memory of 3028	4996	Unicorn-23392.exe	110

C:\Users\Admin\AppData\Local\Temp\671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe
"C:\Users\Admin\AppData\Local\Temp\671f2e0e829bb19c695ec9e33ffc2162ef8ca2aeebb2b83a1c2bb122c2a346dbN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50278.exe
        9⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        10⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
        11⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        10⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        10⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
        9⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        9⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-575.exe
        9⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        9⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe
        9⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        10⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        10⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55014.exe
        10⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57045.exe
        9⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        9⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
        8⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
        9⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
        9⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        8⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
        8⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54362.exe
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        9⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        9⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
        9⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28372.exe
        9⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
        8⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        8⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52027.exe
        8⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        8⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5445.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        8⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        8⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        8⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe
        7⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        7⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        7⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
        7⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        8⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36376.exe
        9⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        10⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22618.exe
        9⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
        9⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36156.exe
        9⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        8⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        8⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        8⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        7⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        7⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        7⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        7⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        7⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
        7⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
        6⤵
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
        9⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        9⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        8⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        8⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        8⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17561.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        8⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        9⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe
        9⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        8⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        8⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        7⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        7⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        7⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
        6⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        7⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58462.exe
        8⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
        7⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        7⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        6⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43278.exe
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
        7⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        7⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-763.exe
        6⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8285.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
        8⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        8⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
        8⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        8⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57709.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        7⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        7⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        7⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        7⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
        7⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        7⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        6⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42613.exe
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
        5⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
        5⤵
        
        PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
        8⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
        9⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
        10⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        10⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
        9⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        9⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18456.exe
        8⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        9⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        9⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        9⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        8⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        7⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        8⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
        8⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
        8⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
        7⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        7⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
        6⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        8⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25546.exe
        9⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        9⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
        9⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        8⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        8⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17007.exe
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
        7⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
        7⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        7⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        6⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        7⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        6⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        6⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        8⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        7⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        7⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17853.exe
        7⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
        7⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        6⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        7⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        7⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32244.exe
        6⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        6⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        6⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43278.exe
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        6⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        6⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        5⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        5⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        5⤵
        
        PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        6⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
        8⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        8⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        8⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        7⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        7⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
        7⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
        6⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
        7⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58109.exe
        7⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40519.exe
        7⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30432.exe
        6⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        5⤵
        
        PID:7244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 632
        6⤵
        Program crash
        
        PID:13192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        5⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51412.exe
        5⤵
        
        PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        7⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
        7⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        6⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        5⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        5⤵
        
        PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
      4⤵
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
        5⤵
        
        PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
      4⤵
      PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
      4⤵
      PID:15480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
      4⤵
      PID:8308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49318.exe
        8⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
        9⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        10⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
        10⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1429.exe
        10⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        10⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
        9⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
        9⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30292.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        8⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        9⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        9⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        9⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        8⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49339.exe
        8⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
        8⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        8⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
        7⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
        7⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-506.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        8⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
        9⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        9⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23604.exe
        8⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe
        8⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
        8⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
        7⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52027.exe
        7⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        7⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        7⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
        8⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        8⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        7⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe
        7⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        7⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        7⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31852.exe
        7⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        6⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
        6⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        6⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14341.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        7⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        8⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        9⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
        9⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        8⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        8⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7759.exe
        8⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
        8⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
        7⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37021.exe
        7⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33935.exe
        7⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
        7⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe
        6⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10709.exe
        7⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        7⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48249.exe
        6⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        6⤵
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
        5⤵
        Executes dropped EXE
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        8⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        8⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49149.exe
        8⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        7⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        7⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        6⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-955.exe
        6⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42613.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        6⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
        7⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        6⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        5⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        5⤵
        
        PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4428
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 644
        5⤵
        Program crash
        
        PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
      4⤵
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        6⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        6⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21183.exe
        5⤵
        
        PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        5⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
        5⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
      4⤵
      PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9771.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
      4⤵
      PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
      4⤵
      PID:7412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
        5⤵
        Executes dropped EXE
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        8⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe
        8⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        8⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        7⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28372.exe
        7⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29747.exe
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62333.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39935.exe
        6⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        6⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        6⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        5⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        7⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        7⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        7⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34766.exe
        6⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        6⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        6⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        5⤵
        
        PID:13868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
        5⤵
        
        PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        5⤵
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
      4⤵
      PID:12184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
      4⤵
      PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6874.exe
      4⤵
      PID:8568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46630.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
        7⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        7⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        6⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        5⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
        6⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        5⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        5⤵
        
        PID:8880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        5⤵
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        5⤵
        
        PID:10220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3193.exe
      4⤵
      PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
      4⤵
      PID:12308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
      4⤵
      PID:15732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21363.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45224.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
        6⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        5⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
      4⤵
      PID:9736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39801.exe
      4⤵
      PID:13480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
      4⤵
      PID:7404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
    3⤵
    PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
        5⤵
        
        PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
      4⤵
      PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
      4⤵
      PID:14184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
      4⤵
      PID:7444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29922.exe
    3⤵
    PID:8152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
    3⤵
    PID:11396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21110.exe
    3⤵
    PID:14560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
    3⤵
    PID:7756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38554.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38554.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13957.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42520.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        8⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        9⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
        9⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        9⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
        9⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        8⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57634.exe
        8⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        8⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50246.exe
        8⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        8⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        7⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
        7⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36058.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49474.exe
        8⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        8⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
        8⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        7⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        7⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49412.exe
        7⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        7⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        6⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        8⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
        8⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51916.exe
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe
        7⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        7⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52499.exe
        6⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
        7⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        6⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        6⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        6⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        5⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2712.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
        8⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        8⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
        8⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe
        7⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        7⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        7⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7277.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe
        6⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        6⤵
        
        PID:388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
        5⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        7⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        6⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26715.exe
        6⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52790.exe
        6⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        6⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        6⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        5⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        5⤵
        
        PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62146.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        6⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
        7⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15900.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        6⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        5⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        6⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        5⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        5⤵
        
        PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
      4⤵
      PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        5⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        5⤵
        
        PID:8032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
      4⤵
      PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
      4⤵
      PID:4236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 468
        5⤵
        Program crash
        
        PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
      4⤵
      PID:9064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57771.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46630.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        7⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        6⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3835.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52010.exe
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        5⤵
        
        PID:15704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44397.exe
        7⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30812.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        6⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        5⤵
        
        PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44325.exe
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
      4⤵
      PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe
      4⤵
      PID:11276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
      4⤵
      PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58669.exe
      4⤵
      PID:15904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26229.exe
        7⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        6⤵
        
        PID:13936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        6⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        5⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27405.exe
        5⤵
        
        PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        5⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
        6⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        5⤵
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
      4⤵
      PID:9436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
      4⤵
      PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
      4⤵
      PID:15092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
      4⤵
      PID:6668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        6⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43256.exe
        5⤵
        
        PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
        5⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
        5⤵
        
        PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
      4⤵
      PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
      4⤵
      PID:13140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19045.exe
      4⤵
      PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
    3⤵
    PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
      4⤵
      PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
      4⤵
      PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
      4⤵
      PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
      4⤵
      PID:8968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
    3⤵
    PID:7984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
    3⤵
    PID:11408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
    3⤵
    PID:14500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
    3⤵
    PID:8132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11819.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        7⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        6⤵
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        6⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        6⤵
        
        PID:11464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        6⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8285.exe
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        6⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26942.exe
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58109.exe
        7⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25274.exe
        6⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        5⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        5⤵
        
        PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
        5⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        5⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13142.exe
      4⤵
      PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
      4⤵
      PID:10804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
      4⤵
      PID:15520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
      4⤵
      PID:13456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
        5⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
        7⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        7⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        7⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
        6⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        6⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53557.exe
        6⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29223.exe
        6⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        6⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        5⤵
        
        PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
        6⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11160.exe
        5⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26727.exe
        5⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30432.exe
        5⤵
        
        PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
      4⤵
      PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
      4⤵
      PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38633.exe
      4⤵
      PID:6008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4383.exe
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        5⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
        5⤵
        
        PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
      4⤵
      PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
      4⤵
      PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
      4⤵
      PID:15044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
      4⤵
      PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
    3⤵
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
      4⤵
      PID:10576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
      4⤵
      PID:15204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15204 -s 452
        5⤵
        Program crash
        
        PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8937.exe
      4⤵
      PID:9452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
    3⤵
    PID:8592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
    3⤵
    PID:11736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
    3⤵
    PID:14724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
    3⤵
    PID:8444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46630.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8316.exe
        7⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9240.exe
        7⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39665.exe
        7⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        6⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-848.exe
        6⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        6⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41967.exe
        6⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        5⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        5⤵
        
        PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        5⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        5⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        5⤵
        
        PID:9368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
      4⤵
      PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
      4⤵
      PID:11476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
      4⤵
      PID:9692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        6⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
        6⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe
        5⤵
        
        PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
      4⤵
      PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
        5⤵
        
        PID:15476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
      4⤵
      PID:11748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
      4⤵
      PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
    3⤵
    PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
      4⤵
      PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
      4⤵
      PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21684.exe
      4⤵
      PID:15932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48295.exe
      4⤵
      PID:6700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
    3⤵
    PID:10108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
    3⤵
    PID:12232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
    3⤵
    PID:13328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe
      4⤵
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        6⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
        6⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        6⤵
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        5⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36805.exe
        6⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        5⤵
        
        PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        5⤵
        
        PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
      4⤵
      PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
      4⤵
      PID:13276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
      4⤵
      PID:4144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
    3⤵
    PID:876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        6⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
        6⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        5⤵
        
        PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23245.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        5⤵
        
        PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
      4⤵
      PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
      4⤵
      PID:13068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
      4⤵
      PID:6212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
    3⤵
    PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
      4⤵
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
      4⤵
      PID:760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
    3⤵
    PID:7664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
    3⤵
    PID:12484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
    3⤵
    PID:15784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
    3⤵
    PID:10300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe
    3⤵
    PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        5⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        5⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        5⤵
        
        PID:15060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
      4⤵
      PID:7640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
      4⤵
      PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
      4⤵
      PID:10868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
    3⤵
    PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46635.exe
      4⤵
      PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43152.exe
      4⤵
      PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
      4⤵
      PID:16048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
      4⤵
      PID:16096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
    3⤵
    PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56682.exe
      4⤵
      PID:10780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36510.exe
      4⤵
      PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
      4⤵
      PID:15056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
    3⤵
    PID:13148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
    3⤵
    PID:648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
  2⤵
  PID:4600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29090.exe
    3⤵
    PID:5980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
    3⤵
    PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
    3⤵
    PID:13028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe
    3⤵
    PID:5096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
  2⤵
  PID:5476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
    3⤵
    PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
    3⤵
    PID:10464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
    3⤵
    PID:15140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe
    3⤵
    PID:15584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
  2⤵
  PID:7548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
    3⤵
    PID:8800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
    3⤵
    PID:9588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe
  2⤵
  PID:11388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
  2⤵
  PID:14588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4428 -ip 4428
1⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7244 -ip 7244
1⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 15204 -ip 15204
1⤵
PID:15364

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe

Filesize
468KB

MD5
ee8e4912819ff46e35f032c28e2ac85e

SHA1
dd5a6f1414d256e4f758ac4bf25c338670ade180

SHA256
4711b647387df69636e0d78695044b3dacac63cd1323dd2f47f11c2ab10be2c7

SHA512
b78b1902b2be879eaed976c224f3e1a37f48149322f50f7086069d68cd3e271e6365cce3ef109d4a1c2215b7d0f283c04657ea70adf8d32f4cd4cbdc334d8279

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe

Filesize
468KB

MD5
d12d01c312ad581593a9cb8c4b1e5842

SHA1
20b2cac0e0ca2e36f878715be25b651962b5a810

SHA256
942972ac58e89318ae587569c368c4ad5145ca9abcfd1881fdb68396f14bcf10

SHA512
f52122691b28e043707e7a2631fe47c7f0761481bf4a28f82f93af2f35b69b09f11545f2c2f8bd510de53844a0471447ec97f5354798aaec60314e8b8908e001

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe

Filesize
468KB

MD5
2bb6aadad837cc85a678e08aaf9a175f

SHA1
ed8b4ace3c02fc62506fdb200a072ab2e3b673e9

SHA256
95735aabd5c2f897786026d8988264dac540fee2d10655137f6099caa708ad86

SHA512
1c91f4e45c4b3893b72ae1d80afc7278d297eb40ea4edc7c31f1d4e615a36870b3b126547a012a9cdd1b5e8b01d139ae2ac84806e9ab35f3e01a7fef42cd6e34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe

Filesize
468KB

MD5
f1bbb2569a7f652131f8313ac3a0b5d0

SHA1
c3ecf0f7fbd40ab6eb5ef7cb03d40ee30714a37c

SHA256
38fe42bc389841a09024d630f4aca1a7d7837c538633a008f01af9c954926a25

SHA512
94ea068edcbb4ca1793fa995798180d9fd936fb28bb155398b413972b0ce4d35be533044af6d40f69e7fe784b4fc3bc17ee919cbc4852912a15cb5623104f451

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe

Filesize
468KB

MD5
9d9730977337fa2ae943172d39e208e8

SHA1
dc09e5f6b96a008ea0a1dfa28629366f5175d67b

SHA256
c1a7eb211facdd16d84541f50066bbd5f50088d9e798c52a8ed2753c258f77a4

SHA512
9d0db8e56e96c130a2ff05debd1ec1d02e1654de12e20cc785e938ae51573912779f28010b8426cd06d2162cb0b2fb22f38146456d7a9613e40421887eb185f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe

Filesize
468KB

MD5
3ab86ac56d865f42415a361ea7179559

SHA1
59e9b425b7ff481d2cda9291c54709b2b72be3a0

SHA256
6552b84b64139d0285560bf0bff7dc7ed8d2dd3781f8f6efcc45fd89f1d3b99a

SHA512
aa047af67a5fe2073f023df095e120616996aa82dfb98f0873b9cd234904278e99daca183f65ab2befaba66507ee29ae9088126b5015d01f9eedba7a69c39e46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe

Filesize
468KB

MD5
fb7476dfb74daa9dfd7c47027243a5d4

SHA1
d5eed42a634eb4144f6774f4c1794922ca1ae9ea

SHA256
19e37ea373b95527c155f38bfb069e0a2a2e8d8cf3fecb27af8047e6b206e620

SHA512
070f65d1637d61e56a1ddf5f3eac991ae57ff2d30fda2247db3d714a66b2a5b05ba943760d13fa9a66d8272eea731e944e6f6ae94deb8beb3e718eb8e2c2c6b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe

Filesize
468KB

MD5
2c052ace5ea719c2b6a2083bbf7ed6e7

SHA1
1026d1effbf05940af5968f5eb623addc85b1cc2

SHA256
522e58c03e89156c2d8be19f567b92bb59f749796c6f9682af479272fd2619d6

SHA512
f2d1415607c03c03452ce5b614d637b3772e4590a3d6d035599382458a2e9301b09ac801d4872d3fb59f606fe016bacf51818c2caa3076acfd3329950018cea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe

Filesize
468KB

MD5
9642e902ff87b54450b82330d72ea03d

SHA1
fbd24910df5d4239755c4db1c0e27ad3ddcd7cd5

SHA256
62f0081f38a90a6bc8793ed838e9d4889e8ed6cc4484c53180feffa8686afe84

SHA512
d9f77b246db8fc70a3c8afc8d55035fd3d38ad61f467acfd028229f0db7a6be445783a19d60d27bfc9c62f0f16336903aaf640e53c16d3cf6968c4020ed71e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe

Filesize
468KB

MD5
c8a9a7c262e0d6c4c867af5e6262f843

SHA1
cba57067609401bd57473dc06fa5a9e4871d21db

SHA256
5bdf23d797343d5f0b59cead4fb7ed178fa80426eefc1a0bc153fe41689136dd

SHA512
681606007d34362f8fae3b48b557994daded93291a5d9491cb4f10622497a0a1b39a26ed6674b2cd6ae40d1b96a445c7a75cbfbe8760ef933697a823a94a31c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe

Filesize
468KB

MD5
6b1bd87ce09284cceb138cd246f92022

SHA1
e381931d09d55d314841e56c5e72c8376c9d6d36

SHA256
364e73e38316f5d0b1cecf03e11203a4a51615e4ce5bd85a4970a721855ee6e2

SHA512
da63c3b2fcec675ed4cdc33ce1fe3255f6b1d6523cfe8ac8ab45f1a38377c6d8800d229df072188b209c3ef165968d299fd176af4cf0cda178cd8df08022fedb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe

Filesize
468KB

MD5
d04060ffefd71c9b8d33c7c3e066dd4d

SHA1
c5ade0a9bc7f526510c49f2e21605b3aa69838f1

SHA256
1ba441a6ce8617dcb9570e3ae33bb5c00ec0bb337661edca677fbdbebde0b98b

SHA512
9c1fc36d1830076557b130c38cb448d0cb86068c04542f51a4c969da6dd9285d75a957cc727a268e46c3763da4fb32c22c50f431b6b67aee24bd02f02026f796

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe

Filesize
468KB

MD5
fcf5cb1a254d3d4e30d1743c28352d04

SHA1
201f3da976b046c38d45fd63e75e93d8ad6466e4

SHA256
69313025247b605bd50483e11f0268fcef38ef8cf240265acf1d3dfbf65a713d

SHA512
e0654c2a2bd8e34aae3a8e6c5e73ad088aae18b80e0e1fdf9ca35e898533366f6aea8420f75cc2c714cf47a697ad08c98e1e9c3af7c198b8d5fd6fe8e391efa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exe

Filesize
468KB

MD5
2dbfa12878178553e43b4028f3a9c2f1

SHA1
27126fdf0c7ae33bd68040b720b906467216d2a4

SHA256
0c0f1a04480c8e8feb4d847a46aaf039826041925cf19d6e64314650c34f2e93

SHA512
16cbd8d244c85d9cfb39fec215b9fdee8c6d0c7fd574fe8f5aaf15efefb8a81500d98d2a0437aa252bc6a28670d0a8742e13f301e57d4f2b08eeab7f4387d183

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe

Filesize
468KB

MD5
ece741e7e1624add25871b70ef1fbfc5

SHA1
4b55b556d6eb95a815c8bf2fdc3f01919892adb8

SHA256
e217d90eff793f6bdb2a9d9f71f0989be17892acf57a8cfb0ce4ff1ae7a43d82

SHA512
097e40b7f77097aea8b3681b222f48a35a5e94947453f2788ff2dcc179e6b805743d6cc252931de7a95cd1a4895a71f3a5d5ea6818e7df921854f742040599de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe

Filesize
468KB

MD5
69610f198715160770cd6f0837f5c1e5

SHA1
af59a6f264d9a01dba2bc132657828dacd2184d0

SHA256
abad1ee7ecdea70aa2560a34e74f125dabf4778fb59007e22dee273409c1c12e

SHA512
a361e48d655d522553180d233ff6fbe9dbb7b587e4d999b02b511c27a948cceb5225496d26cfe31a0c63a4739880ec105065feaa5b9fe8ba7177c3a67f183f7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe

Filesize
468KB

MD5
9806711fb6a0e00a4b196f3d5f092edb

SHA1
aa13db766b56cbd06d3d62a1822012d9d0ad141b

SHA256
4415b4741bf608d3d22e6121bf89f6b158397339ede85c28fbc1ebd5c2bf837e

SHA512
572588088fe0978b5f587088b5615ad9c01934a1d585c2956411fc769fc8b2303e0081ea4b253b6d9357240d3e17215b888937a370038cf6f4a604899e48c107

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38554.exe

Filesize
468KB

MD5
91838e9eeb6eb326f8c7685e53f8afcb

SHA1
01a1e44542311590fa3308235bc8c7d204f74ffc

SHA256
7a5c055b30c7ebb26401baca26c76b7b2e1f0897aae905acda8d3b1ca7f0a693

SHA512
ef58f70c5a7590e63724d6582de346e8e2b28693f85c7e6a8b70d47a5e1fea9abc1120b117ceb1f24cecb55d9e3dd47445a8e677638a22d545a49b228443e3cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38694.exe

Filesize
468KB

MD5
b2667db61d55ae0f21ae6add1af44426

SHA1
4e64b353a517909ae2839795cec08c510a5e6ff8

SHA256
47dc29ae1f49ac53deda1e304990883102f5111e26187aeae93ec1858f1346c8

SHA512
22277b974b89c9c5f52cbb4099839bc29a9a09eb215228bf3b74f722fb0f4b36e3c824f5ea118c7c9799ff752a0ee46e3a141b8d26810e23d9207f8da270e218

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe

Filesize
468KB

MD5
5f63f35d33f10e2864f5de3fc61109b5

SHA1
0a895019ebe6fbad3193f89bd1f0ff2451e36b92

SHA256
77f6a3e51599494e52abb613dde5d13eee8d9b49899a7a7dca2916a6b07c462c

SHA512
e0158bc7a6269ffb9984b801a7333a577e74805d8686223c3e1c8cad690ff25e0ce48a5e830683291b205dfa968c4f967c36dde5c970eaa8f60b17dfc1924528

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe

Filesize
468KB

MD5
037a8bc90b7f93ad81af6af7158bffec

SHA1
5a53ad02eb882cf2001ce829347326da5f80ddca

SHA256
e2b17163fc05f766d68266a8c07aefac07cb84f380f7042975126d48cb90a20a

SHA512
748b7c4011006f074bc4944a367db5397a3504571710882d96896252d16f4842f7c21f46be324194b253630b533dab41e19657a56ebe3a0301a8aa9d3a631ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe

Filesize
468KB

MD5
49e123cd7abcb1112885f262a8a1742b

SHA1
6d24f99e77d1fb84bf32276252e9609081f57285

SHA256
b3b124829a96bc9c751a8efc0db573c97998465bbcdaa37ff9e12df1f258916c

SHA512
8ca3b6f20d10072c27e1ab4869114f60e5905fcde4bc2ec0e923ca7fa8d50712de252d6c13da878419c9d03f0283a2fb02b35f2a55b44d187a75a6c605da5544

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe

Filesize
468KB

MD5
a924a3fe1a5bac7934fbb0059625e7e6

SHA1
96702895bd207a76f900de9d2d44df478239844d

SHA256
eb164954b8106a7ba049f693a7a44df27cf462941fc3c5ad50b28467f690f5c4

SHA512
c6eef938ccd56f7ec76201c696d12fe2b06d0e7a20f31ed929fb19eba7d8ea3f635899e741b79107da1596fcf7dea988cd335b5f118f0af3ec50cbe2a2668766

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe

Filesize
468KB

MD5
8ad7045ad55faa4f1f364e2aad376ef3

SHA1
5404a99f19f0176606e3a1f723ed03358ad578b7

SHA256
779e447557ce6d10f0f7df8c8f9ba8de6ea7472dd6b1d952665c7aff1ea5d21c

SHA512
058d3f531caf75587db624ad4f25f4940b39cc4214f8a3126b977c35d58597a7a0f5a7bbd316ac909dcd7c1030a41f86862ddebdb27542f096dbd11e2049c3ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe

Filesize
468KB

MD5
1903371921a14e96d6ac87729dcddefd

SHA1
17ee1f34e4ba69e4190668fa35fc3140a44c78ce

SHA256
301cfa8c99e8623cb463a4fcc06109a7f420abe95f18ff2f85fc1bc571e0907b

SHA512
49afe29ef1b29443491d42830145a008f9e5a5f6292c03259eb833dc8d60d26d5a9c6381b7edf903075bb441b3c1f36af4ea88bd1d5566a951bd02afacda7ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe

Filesize
468KB

MD5
444a817d5a610dce4eddb98ed19b694f

SHA1
c7c7cf8a7acdc29e5305d6c980d4b05f59a27512

SHA256
2f2e11e8b8293376aef7b7bb90d94e65b114a890223e5be861446ac7cf378b83

SHA512
6b8dbbdf84ce09b64643eeb86e92dc5e7c16bae4764bf28ebcee2e1a219fbea21fa48b23d4eb0a932e46a3df421abb7bbdfc268fd4df0ba3d22f0d1bf49284ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe

Filesize
468KB

MD5
8b2769ba6888572a7f53e18771441d75

SHA1
02c6cc630f61e801617c85870c0459ea384c54a6

SHA256
82dc7032851ca7f537760eb5a5ce7a0c24495df67e59dd4e28469467cc7cc1c9

SHA512
53a54df10b7aae07ee7bb5a71bc68195f320ea9f7730e48971158d4873c47bcdb3cf32295d1bd436b01b8dbffa333186c0569f4514f053e478f8fd23fc5ab8d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe

Filesize
468KB

MD5
09d590f591e17daa5dd82dd7f9becd44

SHA1
3a22c2f9574682f8d919d8e3c65e565542a1ca06

SHA256
466efd68776e90a322043e9f4a3551b3bf751295b37d1183cbc1cd8d657686dd

SHA512
b2d8a8f140443e0e6528f20da3e989dec40fa92a5f9bfa7b8ecade2206d59db3f3a948af2b232e06317b5958b01c8500bb6cf4b3a434832b69f1fda862e99fb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57771.exe

Filesize
468KB

MD5
bff3396b12b1369508c7ebfc9b0d3cfb

SHA1
2d3810d35f8ee775a4bca75504dddd8de27f3a6c

SHA256
69b564be081060cc7c107cb69e6c32bf6e1e2cf699fd2b7b0e276ab379c9eb7e

SHA512
c8bc26c158c01e41eb9b16eb8bdf6ade33e559ab837a9c75b7fa16c0a8e10a4f73c1ae6c88da760e857a84d99e753ceb335cd6bc8696068038a6f6085a8d9dea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe

Filesize
468KB

MD5
4690868e50b24b33dea8c4c02661dcfa

SHA1
50e9a916d2bab57b5e880c6b36dd4a8f32afdda8

SHA256
92c6fe0da64123d7788cec97679f6bfff9e842552c338552781038cbabf91c57

SHA512
49116a3f94ed59c34fb5af75b311568794a1b8d555df6b0ae000c285690a709c8382732dba22f5d5183dfbbe2ba148cc435fe18f0dd4087041f9e2f8a90409a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe

Filesize
468KB

MD5
4e2f2325051ae5fd4f644fd7dede62ca

SHA1
b208f577353d0bf42bde66dce9180d6400d9b92e

SHA256
b009aa98f2fe260e1d422b4fc626e01921312613d6830329b2e537124b7a413a

SHA512
709ef37c1d9e7d77bb5ebbdd770a15c302b01e97b1439da444fedef0f4cc42f138f156852373602ccd52d322136837710f4e097cb7a78ca10f7d59c5ee725bb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe

Filesize
468KB

MD5
0c5b867644b7899822ac98209a1ce140

SHA1
9335619ae08cdf5294ed5bb21bd43bfece38034e

SHA256
b1dae14f91b1f6ff64b1cce531f138d918301d17bcbc9c544d9504a98d84c4a6

SHA512
14987af4ecc42bd1d788710a97426cf8bf3a072ddaa99598e15e280fc45afe35342b31074746477c818094c9b1e95ee252bd97b64d3245804b43f87923ec5331

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe

Filesize
468KB

MD5
350b97f59a538610a934acb136775c53

SHA1
a7aec094efa4bc8b06a75f2f3ad8adba4f1a966b

SHA256
fd71b513b6cb0830f24253e92f8a43c926ae608ef9c68437de38c3387b3ee846

SHA512
45b954c68e4f34a42c1463baa3a9ce97534c56c285de4c39bb8e47a8a00ccb441faf8ecfff66d29754b0a096b79855cdcda03ed767c383ca3ce657d8f61c807f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe

Filesize
468KB

MD5
7a5cef435528cea022b1092e75a2adc9

SHA1
a4665aa8c1956ab97a67c5ed14c83110a9d91c23

SHA256
2052ae83021c076ac82c0bcb2a2c73c991f28399d264adae0d36e81a004928cb

SHA512
f8f85ac8d1d5fc785aecb71ed790ee41f3b510d73cc24497cd7de7b6d110cae2ed709ce224b664da8076d2f568e1eddee13e49496da57ce83cd7c45f129df6b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe

Filesize
468KB

MD5
0a8a833d16aa42fd9d93f26409c73067

SHA1
4a63c8a0645f70d44b6cf8c6ec95cd2a7d068d35

SHA256
1a0591d37ff88dda5774cac2f14f643a4320bfb06701b04c1d9fee6a53aab874

SHA512
a500be03caab40bf9a52b96898fc046727b96a0c068f979a9b11029b54959cb1bc2844b1a6cad00b018f2445364d7118b27a14a4d5c17a5154710cfcc8457ea7

Download Submit
memory/100-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/212-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/216-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/312-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/440-73-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/468-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/548-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/876-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/892-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1016-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1148-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1296-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1308-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1384-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1504-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1528-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1616-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1712-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1724-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1760-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1812-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1916-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1988-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1992-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2104-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2184-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2200-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2236-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2268-75-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2360-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2580-137-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2632-254-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2748-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2796-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2904-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2960-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2968-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2976-214-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3028-158-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3088-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3124-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3352-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3408-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3416-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3456-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3580-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3608-194-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3636-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3664-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3740-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3896-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4020-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4156-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4160-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4188-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4196-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4252-99-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4308-135-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4348-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4428-136-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4428-450-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4440-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4504-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4564-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4592-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4600-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4812-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4820-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4836-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4908-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4924-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4996-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5060-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5200-448-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5264-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5276-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5284-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5412-480-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5432-481-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5452-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5496-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5516-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5548-485-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5660-511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5684-561-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5708-512-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5768-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5792-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5804-533-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5816-534-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5852-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5864-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5888-562-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5980-563-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads