ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56f

Analysis

max time kernel
118s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe
Size

468KB
MD5

fa12766029bb0b2d9510832440f1f2e0
SHA1

3e941bb09029839a4f414efe33dc06c72bbb34e8
SHA256

ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56f
SHA512

ce75bd4f0f5bc2f508b96efa0e608b4c47f3fa4fe406fcb7cae67531771f3a554b58efa9eda06ca398c822ce5bcf8bd1c808e47cc9e10eaec017a8bb277deb50
SSDEEP

3072:bcAWog5d778r/7YfPzsUSx8/9Cr6xgACndHeZ55viKU6J572+0lt:bc5oC4r/wPIUSx8VBBiKX/72+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
536	Unicorn-37179.exe
2092	Unicorn-24066.exe
1204	Unicorn-1185.exe
4528	Unicorn-39995.exe
3224	Unicorn-56009.exe
1736	Unicorn-10337.exe
2212	Unicorn-39568.exe
3736	Unicorn-15345.exe
752	Unicorn-27576.exe
2352	Unicorn-47442.exe
804	Unicorn-14961.exe
4492	Unicorn-14696.exe
4400	Unicorn-10856.exe
3264	Unicorn-27707.exe
3292	Unicorn-56361.exe
3380	Unicorn-59035.exe
4468	Unicorn-32200.exe
4888	Unicorn-810.exe
4612	Unicorn-30337.exe
224	Unicorn-33483.exe
4172	Unicorn-36171.exe
4856	Unicorn-16305.exe
2796	Unicorn-43577.exe
3208	Unicorn-19259.exe
4820	Unicorn-2730.exe
5008	Unicorn-5864.exe
2624	Unicorn-6129.exe
4564	Unicorn-61753.exe
5040	Unicorn-29272.exe
1744	Unicorn-2346.exe
4912	Unicorn-31873.exe
4848	Unicorn-65522.exe
4368	Unicorn-58402.exe
2940	Unicorn-39081.exe
2976	Unicorn-39010.exe
5024	Unicorn-25170.exe
8	Unicorn-2097.exe
3608	Unicorn-53675.exe
1292	Unicorn-37531.exe
3544	Unicorn-21505.exe
2768	Unicorn-21505.exe
432	Unicorn-41371.exe
1748	Unicorn-37872.exe
1732	Unicorn-44002.exe
4312	Unicorn-63410.exe
1568	Unicorn-57545.exe
1620	Unicorn-33634.exe
1304	Unicorn-33250.exe
4344	Unicorn-35554.exe
396	Unicorn-2305.exe
1428	Unicorn-32155.exe
4160	Unicorn-12289.exe
2788	Unicorn-38977.exe
2108	Unicorn-51314.exe
3520	Unicorn-31771.exe
2216	Unicorn-30353.exe
220	Unicorn-44688.exe
3704	Unicorn-17224.exe
3896	Unicorn-34075.exe
3316	Unicorn-17355.exe
5148	Unicorn-442.exe
5160	Unicorn-46114.exe
5168	Unicorn-177.exe
5192	Unicorn-49451.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
5424	5664	WerFault.exe	175
3360	5612	WerFault.exe	171
5988	5672	WerFault.exe	176
14680	15136	WerFault.exe
6424	13652	WerFault.exe	661
14672	14160	WerFault.exe	663
14168	12368	WerFault.exe	652
3164	13616	WerFault.exe	660

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43779.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16916	dwm.exe
Token: SeChangeNotifyPrivilege	16916	dwm.exe
Token: 33	16916	dwm.exe
Token: SeIncBasePriorityPrivilege	16916	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe
536	Unicorn-37179.exe
2092	Unicorn-24066.exe
1204	Unicorn-1185.exe
1736	Unicorn-10337.exe
2212	Unicorn-39568.exe
4528	Unicorn-39995.exe
3224	Unicorn-56009.exe
3736	Unicorn-15345.exe
4492	Unicorn-14696.exe
752	Unicorn-27576.exe
804	Unicorn-14961.exe
2352	Unicorn-47442.exe
3292	Unicorn-56361.exe
4400	Unicorn-10856.exe
3264	Unicorn-27707.exe
3380	Unicorn-59035.exe
4888	Unicorn-810.exe
4612	Unicorn-30337.exe
224	Unicorn-33483.exe
3208	Unicorn-19259.exe
4172	Unicorn-36171.exe
4856	Unicorn-16305.exe
2796	Unicorn-43577.exe
2624	Unicorn-6129.exe
1744	Unicorn-2346.exe
4912	Unicorn-31873.exe
5040	Unicorn-29272.exe
5008	Unicorn-5864.exe
4564	Unicorn-61753.exe
4820	Unicorn-2730.exe
4368	Unicorn-58402.exe
4848	Unicorn-65522.exe
3584	Unicorn-45211.exe
2940	Unicorn-39081.exe
2976	Unicorn-39010.exe
5024	Unicorn-25170.exe
8	Unicorn-2097.exe
3608	Unicorn-53675.exe
1292	Unicorn-37531.exe
2768	Unicorn-21505.exe
3544	Unicorn-21505.exe
432	Unicorn-41371.exe
1732	Unicorn-44002.exe
1748	Unicorn-37872.exe
1568	Unicorn-57545.exe
4312	Unicorn-63410.exe
1620	Unicorn-33634.exe
1304	Unicorn-33250.exe
396	Unicorn-2305.exe
4344	Unicorn-35554.exe
1428	Unicorn-32155.exe
2108	Unicorn-51314.exe
2788	Unicorn-38977.exe
4160	Unicorn-12289.exe
3704	Unicorn-17224.exe
5160	Unicorn-46114.exe
5148	Unicorn-442.exe
3896	Unicorn-34075.exe
3316	Unicorn-17355.exe
5168	Unicorn-177.exe
5224	Unicorn-13441.exe
2216	Unicorn-30353.exe
5268	Unicorn-2808.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 536	4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe	89
PID 4796 wrote to memory of 536	4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe	89
PID 4796 wrote to memory of 536	4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe	89
PID 536 wrote to memory of 2092	536	Unicorn-37179.exe	91
PID 536 wrote to memory of 2092	536	Unicorn-37179.exe	91
PID 536 wrote to memory of 2092	536	Unicorn-37179.exe	91
PID 4796 wrote to memory of 1204	4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe	92
PID 4796 wrote to memory of 1204	4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe	92
PID 4796 wrote to memory of 1204	4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe	92
PID 2092 wrote to memory of 4528	2092	Unicorn-24066.exe	97
PID 2092 wrote to memory of 4528	2092	Unicorn-24066.exe	97
PID 2092 wrote to memory of 4528	2092	Unicorn-24066.exe	97
PID 536 wrote to memory of 3224	536	Unicorn-37179.exe	98
PID 536 wrote to memory of 3224	536	Unicorn-37179.exe	98
PID 536 wrote to memory of 3224	536	Unicorn-37179.exe	98
PID 1204 wrote to memory of 1736	1204	Unicorn-1185.exe	99
PID 1204 wrote to memory of 1736	1204	Unicorn-1185.exe	99
PID 1204 wrote to memory of 1736	1204	Unicorn-1185.exe	99
PID 4796 wrote to memory of 2212	4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe	100
PID 4796 wrote to memory of 2212	4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe	100
PID 4796 wrote to memory of 2212	4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe	100
PID 1736 wrote to memory of 3736	1736	Unicorn-10337.exe	102
PID 1736 wrote to memory of 3736	1736	Unicorn-10337.exe	102
PID 1736 wrote to memory of 3736	1736	Unicorn-10337.exe	102
PID 1204 wrote to memory of 752	1204	Unicorn-1185.exe	103
PID 1204 wrote to memory of 752	1204	Unicorn-1185.exe	103
PID 1204 wrote to memory of 752	1204	Unicorn-1185.exe	103
PID 2212 wrote to memory of 2352	2212	Unicorn-39568.exe	104
PID 2212 wrote to memory of 2352	2212	Unicorn-39568.exe	104
PID 2212 wrote to memory of 2352	2212	Unicorn-39568.exe	104
PID 4528 wrote to memory of 804	4528	Unicorn-39995.exe	105
PID 4528 wrote to memory of 804	4528	Unicorn-39995.exe	105
PID 4528 wrote to memory of 804	4528	Unicorn-39995.exe	105
PID 4796 wrote to memory of 4492	4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe	106
PID 4796 wrote to memory of 4492	4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe	106
PID 4796 wrote to memory of 4492	4796	ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe	106
PID 2092 wrote to memory of 4400	2092	Unicorn-24066.exe	107
PID 2092 wrote to memory of 4400	2092	Unicorn-24066.exe	107
PID 2092 wrote to memory of 4400	2092	Unicorn-24066.exe	107
PID 3224 wrote to memory of 3264	3224	Unicorn-56009.exe	108
PID 3224 wrote to memory of 3264	3224	Unicorn-56009.exe	108
PID 3224 wrote to memory of 3264	3224	Unicorn-56009.exe	108
PID 536 wrote to memory of 3292	536	Unicorn-37179.exe	109
PID 536 wrote to memory of 3292	536	Unicorn-37179.exe	109
PID 536 wrote to memory of 3292	536	Unicorn-37179.exe	109
PID 3736 wrote to memory of 3380	3736	Unicorn-15345.exe	112
PID 3736 wrote to memory of 3380	3736	Unicorn-15345.exe	112
PID 3736 wrote to memory of 3380	3736	Unicorn-15345.exe	112
PID 1736 wrote to memory of 4468	1736	Unicorn-10337.exe	113
PID 1736 wrote to memory of 4468	1736	Unicorn-10337.exe	113
PID 1736 wrote to memory of 4468	1736	Unicorn-10337.exe	113
PID 804 wrote to memory of 4888	804	Unicorn-14961.exe	114
PID 804 wrote to memory of 4888	804	Unicorn-14961.exe	114
PID 804 wrote to memory of 4888	804	Unicorn-14961.exe	114
PID 4528 wrote to memory of 4612	4528	Unicorn-39995.exe	115
PID 4528 wrote to memory of 4612	4528	Unicorn-39995.exe	115
PID 4528 wrote to memory of 4612	4528	Unicorn-39995.exe	115
PID 2352 wrote to memory of 224	2352	Unicorn-47442.exe	116
PID 2352 wrote to memory of 224	2352	Unicorn-47442.exe	116
PID 2352 wrote to memory of 224	2352	Unicorn-47442.exe	116
PID 4492 wrote to memory of 4172	4492	Unicorn-14696.exe	117
PID 4492 wrote to memory of 4172	4492	Unicorn-14696.exe	117
PID 4492 wrote to memory of 4172	4492	Unicorn-14696.exe	117
PID 2212 wrote to memory of 4856	2212	Unicorn-39568.exe	118

C:\Users\Admin\AppData\Local\Temp\ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe
"C:\Users\Admin\AppData\Local\Temp\ea5361514d6472f07326c7efab003932bcfccb91ac50bfb536c7b231bf8ec56fN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        9⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
        10⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        10⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        10⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        9⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        9⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        9⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        9⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        9⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        8⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        8⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        8⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23454.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
        9⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29208.exe
        10⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        10⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43467.exe
        9⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        9⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        8⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60170.exe
        8⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        8⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        9⤵
        
        PID:18064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        8⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
        7⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51030.exe
        7⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        7⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 488
        8⤵
        Program crash
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65141.exe
        8⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30043.exe
        8⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        8⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        7⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        7⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22799.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38427.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        9⤵
        
        PID:18032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        8⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        8⤵
        
        PID:17332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        8⤵
        
        PID:17472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        7⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        7⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        6⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        6⤵
        
        PID:16204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63573.exe
        9⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        10⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        10⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe
        9⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        9⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        8⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
        8⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
        8⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        7⤵
        
        PID:16708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16712.exe
        6⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        8⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        8⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
        7⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        7⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        7⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        7⤵
        
        PID:17996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        8⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
        8⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        7⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        7⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        7⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe
        7⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        7⤵
        
        PID:17068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
        6⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
        7⤵
        
        PID:17240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59695.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        6⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        7⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        7⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        6⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35118.exe
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        5⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        5⤵
        
        PID:17192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
        8⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
        9⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59614.exe
        9⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        8⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        8⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        8⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
        8⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        8⤵
        
        PID:18024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49343.exe
        7⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        7⤵
        
        PID:18224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        7⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        6⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
        7⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        6⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
        8⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        7⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        7⤵
        
        PID:18228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26197.exe
        6⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57775.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        6⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        5⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        6⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        6⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        6⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        8⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        8⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        7⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        7⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        7⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24895.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        6⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        6⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        7⤵
        
        PID:17676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        6⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        6⤵
        
        PID:16476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        5⤵
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        7⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
        7⤵
        
        PID:16764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        6⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
        6⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        6⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        5⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        5⤵
        
        PID:18376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
      4⤵
      PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        5⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        5⤵
        
        PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
      4⤵
      PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
      4⤵
      PID:16192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56009.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52136.exe
        9⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
        9⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        8⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        8⤵
        
        PID:18200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50233.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        8⤵
        
        PID:18020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        7⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        6⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        8⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        8⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        7⤵
        
        PID:18056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        7⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        7⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49612.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        6⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
        8⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        8⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        7⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        7⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        6⤵
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        6⤵
        
        PID:18048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        6⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        5⤵
        
        PID:13652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13652 -s 452
        6⤵
        Program crash
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe
        5⤵
        
        PID:17496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe
        9⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        8⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        8⤵
        
        PID:16792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        7⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        7⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        7⤵
        
        PID:17180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        6⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        7⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        7⤵
        
        PID:16880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        6⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        7⤵
        
        PID:17956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        6⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        6⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        5⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        5⤵
        
        PID:18168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        7⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        7⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        7⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
        6⤵
        
        PID:14312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47410.exe
        5⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        6⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        5⤵
        
        PID:18424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51112.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        5⤵
        
        PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe
      4⤵
      PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29208.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        5⤵
        
        PID:15900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
      4⤵
      PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
      4⤵
      PID:16340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        6⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 492
        7⤵
        Program crash
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
        6⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        7⤵
        
        PID:15748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        6⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        6⤵
        
        PID:18416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        6⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        7⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        7⤵
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        6⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        6⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54217.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        6⤵
        
        PID:18216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
        5⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        5⤵
        
        PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        7⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        8⤵
        
        PID:18096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        7⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        7⤵
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14677.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        6⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26082.exe
        6⤵
        
        PID:14180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        6⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        5⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        5⤵
        
        PID:17224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13256.exe
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        6⤵
        
        PID:16644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        5⤵
        
        PID:17028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
      4⤵
      PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        5⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59610.exe
        5⤵
        
        PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
      4⤵
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe
      4⤵
      PID:11564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
      4⤵
      PID:17792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        7⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        7⤵
        
        PID:17964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
        6⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60389.exe
        7⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        7⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
        6⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        6⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        5⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47957.exe
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        6⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        5⤵
        
        PID:15952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
        5⤵
        
        PID:16180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
      4⤵
      PID:12956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
      4⤵
      PID:17208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
    3⤵
    - Executes dropped EXE
    PID:220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        6⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
      4⤵
      PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        5⤵
        
        PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
      4⤵
      PID:17428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
    3⤵
    PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
      4⤵
      PID:9328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
      4⤵
      PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
      4⤵
      PID:17216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
    3⤵
    PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25301.exe
      4⤵
      PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
      4⤵
      PID:16468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
    3⤵
    PID:10436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
    3⤵
    PID:16272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        9⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
        10⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        10⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        10⤵
        
        PID:17488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        9⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        9⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        9⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61058.exe
        8⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
        9⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        9⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        8⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        8⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        8⤵
        
        PID:16980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
        8⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
        9⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        9⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe
        8⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        8⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        8⤵
        
        PID:18204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        8⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        7⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        7⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64171.exe
        7⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
        8⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        9⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        9⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        8⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35376.exe
        8⤵
        
        PID:16576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
        8⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        8⤵
        
        PID:14900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5211.exe
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        7⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        8⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        7⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        7⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        6⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2020.exe
        7⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        7⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        6⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57970.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65355.exe
        8⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3639.exe
        9⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
        9⤵
        
        PID:16512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
        8⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        8⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        7⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        7⤵
        
        PID:18140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe
        7⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        7⤵
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
        6⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        6⤵
        
        PID:15088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
        8⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
        8⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        8⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        7⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        7⤵
        
        PID:17744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
        6⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        7⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        6⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        6⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        6⤵
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36851.exe
        5⤵
        
        PID:16156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
      4⤵
      Executes dropped EXE
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        6⤵
        Executes dropped EXE
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        9⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        9⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        9⤵
        
        PID:17976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
        8⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        8⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
        8⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        8⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36134.exe
        7⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        7⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        7⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        7⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
        8⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        7⤵
        
        PID:17764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        6⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        7⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13616 -s 436
        8⤵
        Program crash
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        7⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        6⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
        7⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31811.exe
        8⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        7⤵
        
        PID:17620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        6⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60663.exe
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47205.exe
        7⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        7⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        6⤵
        
        PID:18112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        5⤵
        
        PID:16320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34075.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14410.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        8⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        8⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7678.exe
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        7⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        7⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        7⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        6⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        6⤵
        
        PID:18236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        5⤵
        
        PID:17412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        7⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        6⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        6⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        5⤵
        
        PID:10808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        5⤵
        
        PID:17712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
      4⤵
      PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        6⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        5⤵
        
        PID:16036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
      4⤵
      PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
      4⤵
      PID:12928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
      4⤵
      PID:17984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27576.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
        5⤵
        Executes dropped EXE
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57970.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
        8⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
        8⤵
        
        PID:18160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        7⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        7⤵
        
        PID:14160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14160 -s 464
        8⤵
        Program crash
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        7⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
        6⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        6⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32892.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        5⤵
        
        PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30353.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
        6⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        7⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        7⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        6⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        6⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        6⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        5⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        5⤵
        
        PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
      4⤵
      PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
        5⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64200.exe
        6⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        6⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10466.exe
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
      4⤵
      PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54882.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        7⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        7⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        6⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17368.exe
        5⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe
        5⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        5⤵
        
        PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
        5⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
        6⤵
        
        PID:16504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        5⤵
        
        PID:17696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6965.exe
      4⤵
      PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        5⤵
        
        PID:16896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9051.exe
      4⤵
      PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
      4⤵
      PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
      4⤵
      PID:1892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        6⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30421.exe
      4⤵
      PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
        5⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        5⤵
        
        PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
      4⤵
      PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
      4⤵
      PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
      4⤵
      PID:18280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
    3⤵
    PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34974.exe
      4⤵
      PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
      4⤵
      PID:15128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
      4⤵
      PID:16460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58860.exe
    3⤵
    PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
      4⤵
      PID:18080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
    3⤵
    PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
    3⤵
    PID:16168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        6⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 460
        7⤵
        Program crash
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
        6⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        7⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        6⤵
        
        PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        5⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
        7⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        7⤵
        
        PID:15136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15136 -s 436
        8⤵
        Program crash
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        7⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        6⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe
        6⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44919.exe
        6⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        5⤵
        
        PID:15332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12625.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        7⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        7⤵
        
        PID:18008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        6⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        6⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42031.exe
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
        5⤵
        
        PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        6⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        5⤵
        
        PID:9948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18101.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
        5⤵
        
        PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
      4⤵
      PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
        5⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
      4⤵
      PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
      4⤵
      PID:16348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        6⤵
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        6⤵
        
        PID:18012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        5⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        6⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
      4⤵
      PID:13020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
      4⤵
      PID:7204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
    3⤵
    PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        6⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        5⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        6⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        5⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        5⤵
        
        PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47410.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        5⤵
        
        PID:17460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
      4⤵
      PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
      4⤵
      PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
      4⤵
      PID:17004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
    3⤵
    PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
      4⤵
      PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57866.exe
        5⤵
        
        PID:16260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
      4⤵
      PID:10572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
      4⤵
      PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
      4⤵
      PID:17692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
    3⤵
    PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7396.exe
      4⤵
      PID:11496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
      4⤵
      PID:8008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
    3⤵
    PID:10640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
    3⤵
    PID:12832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
    3⤵
    PID:6732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47586.exe
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        7⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63407.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
        6⤵
        
        PID:17020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        5⤵
        
        PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        5⤵
        
        PID:14896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        5⤵
        
        PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        5⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        5⤵
        
        PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
      4⤵
      PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
      4⤵
      PID:12124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
      4⤵
      PID:18120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16315.exe
      4⤵
      PID:512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        5⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        5⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        5⤵
        
        PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
      4⤵
      PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        5⤵
        
        PID:18088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
      4⤵
      PID:11932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
      4⤵
      PID:16360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
    3⤵
    PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
      4⤵
      PID:12972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
      4⤵
      PID:17716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
    3⤵
    PID:9224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
    3⤵
    PID:12368
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 12368 -s 464
      4⤵
      Program crash
      PID:14168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe
    3⤵
    PID:17752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43577.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43577.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33250.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        6⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        5⤵
        
        PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
      4⤵
      PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
        5⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
      4⤵
      PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
      4⤵
      PID:15292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
      4⤵
      PID:15968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62562.exe
    3⤵
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6327.exe
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
        5⤵
        
        PID:14996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        5⤵
        
        PID:17144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
      4⤵
      PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
      4⤵
      PID:12668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
      4⤵
      PID:17724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
    3⤵
    PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
      4⤵
      PID:12040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
      4⤵
      PID:15772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
    3⤵
    PID:11764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
    3⤵
    PID:16144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
      4⤵
      PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        5⤵
        
        PID:10624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
        5⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        5⤵
        
        PID:17668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42143.exe
      4⤵
      PID:15268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
      4⤵
      PID:16864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
    3⤵
    PID:7516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
      4⤵
      PID:6220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
    3⤵
    PID:11900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
    3⤵
    PID:15960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
  2⤵
  PID:6600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
    3⤵
    PID:9372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
    3⤵
    PID:828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
    3⤵
    PID:18128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
  2⤵
  PID:8524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
    3⤵
    PID:18072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
  2⤵
  PID:6764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
  2⤵
  PID:16248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4212,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=1316 /prefetch:8
1⤵
PID:2268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5612 -ip 5612
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5672 -ip 5672
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5664 -ip 5664
1⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 13248 -ip 13248
1⤵
PID:14688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 13616 -ip 13616
1⤵
PID:14912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 14332 -ip 14332
1⤵
PID:14616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 12368 -ip 12368
1⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 14316 -ip 14316
1⤵
PID:14800

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe

Filesize
468KB

MD5
541287b8c5856334b47ae9af96b8f94f

SHA1
345e8da82c1784cb2c3ffce51d06240792da845b

SHA256
0e0d952bb790169357df371f1cc82d25e8f4a7fe7df205d47a89e8db0176b552

SHA512
2d324279cd792af8caad1b7f5b3436793b48f9026899c4454e1074ed63a97b45b458da7e25543f9da1b1f9486aec577b7cdb7ea1e725d3287b20b122949bb22a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe

Filesize
468KB

MD5
1d4841b0fd27852ff489e81d66c04852

SHA1
c71c1de3d5cd860418f45bf93f641773073cfe53

SHA256
2224b5f71a313521f5819355f8e66c9c26a15bc1f31328eb236b838e69248469

SHA512
3e53bda29095733c7e833fe52781c4685221bc214a1610af9d83f42cb24f48e2b78e4b5d414e019505bc7bc56a57e3182c12110cc2906cda5c981d82b7d93dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe

Filesize
468KB

MD5
8b64cac267feaa4b25770e3ef5455b67

SHA1
1aa2fa2bb86014c1ae01bae5642c5617ab6bf0ec

SHA256
95982c362250dc736774c7ccd9f1e8936ec27e5649dc2e57970eb8b76eff6814

SHA512
d6df7b589375ad9dbd95bd866b8f772f1ce98c9cb2ff7e220f2fd33f62043085c53043f4380a7a6ba62511af730292bbe756aa5a243942c6d234d9d8509efa99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe

Filesize
468KB

MD5
59edbc8a28054efff06b1a723cfdf397

SHA1
dc909b268e1ddfecef0a5b135d433e3ff5161df3

SHA256
e65686967847a4cca3fb1f02da3ab3372601162bb63fbe10970438c06a2eea83

SHA512
2babcf714a93dd314c4ca7630b95118342347ef23c6887ffc2313916637856e43e053e87e162b60a1edaaeaf2622f002b35dc9bccbea0f3736efdbe3ee8e04e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe

Filesize
468KB

MD5
711194b666dce968e1facacafe015be7

SHA1
acfebce8c77aa0aab4453d7d5651cf1c9fe9fc66

SHA256
326683810cb2d3a73f5054f329b4d979a5fd5be5d4b5cb515f02804750a2938c

SHA512
f3ac82d02ef7584dbf2766fc69b674038d854be9fd536f6d38548900ec1f1438398aeb424628b16a5e3094949a9076f0eac8b62b0ef32b156b1222a1f0afef93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14961.exe

Filesize
468KB

MD5
0f02783d5ee455e1061bf84ccb203e28

SHA1
146af1edd085c8d9b4140bf0516d08e4acd9a6e8

SHA256
837e4011da10899fda8417196997b599cc3b4e1ca9a7af347e6bea11f0007d62

SHA512
da9dcfc69e64cf6f947a0f52ca8e1a33fc11aea48358c4c4055e7833d8a4fd056a095ee4b747be3f362a5af89723d646ee619d67c4dbd30ce3dfbc9a2c759c18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe

Filesize
468KB

MD5
a6c872954c160a5a6ddd01f1d78487c0

SHA1
0febfd6d8b56613eef6cdeb727337d0a7d3b5143

SHA256
8e34790b193994d6b89b96bed2bb434534d976a4f0b5e82e8d34e0e581b21763

SHA512
9d2e7314ad64e3ff5c041b1d98dd666d3b03b734cfdf28b16bce6ab74a11977dd61b9b3e0594904479f53a75d1837762e1808d8023f2adaed72ac80a78bf4b47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe

Filesize
468KB

MD5
b1c9ad2e494901f76477a37dc0bca6d1

SHA1
81951be8e56b23605d60bcbfd8ca01c84c3b8949

SHA256
5af8edda3961e476a8e3e3cbafffe3ea8b6062a1bb092761bd451e2bf06d9ca8

SHA512
61dd3fc291dcfc28b8d8388b755d0db3585e253ae26ab51a35a654e9c52745afedbc920f571e846b1b7de8621b9cf66912dab51b26195285d7cd75eddeff3cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe

Filesize
468KB

MD5
62fa29e50521dc0d92361eb604461096

SHA1
15c659d19a2b00d595f10b070b9ef43e3c64a266

SHA256
ce8737bfcdc8f2bd3e9777672a306825337b95b698dc6a5e75c90f7b3793bb39

SHA512
34710d713a33da3337d620b6b728d1b0ca38cea09abf171e91270b9339bef3662a07454115cff038405258809596dac035795e13ce2f26ad78151ea8a68c9831

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe

Filesize
468KB

MD5
ed240d530dc61d36ccef12bc9580aaed

SHA1
e919091d12e7f47a0b9b29aa1e519684a6315ae2

SHA256
56c823d09fe70676e7270f389211932acb0c095a302f08641aec5511733cf589

SHA512
6f2313b7b3923bffa1eee4449b56ea5e6e47ef66565cc1cf4eaa6948d63ba31c2ae199934f6684970022a0eea9c01781d330bfa6db2454fef40f68a36fd64dd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe

Filesize
468KB

MD5
6e8f7dea578a02fca0dab88e8da9a0b1

SHA1
d280eb7df2b058344d158915e0121ca3450805ed

SHA256
58f97374c9e97684e4abad0054c17f426c8408d3cacb030029a6d125d08fda59

SHA512
bccc675fb1c994048471bfa29ae34eadfe3608379851c865ed330bee3c114f5772772712895771f8d088749feb0ea10a85e0aa025921ec642b3676da481d00eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe

Filesize
468KB

MD5
d6e0c860c1f0945009a0e07566654945

SHA1
8fd5df05c13f9bb3d0d095fe735af66c936534bc

SHA256
5dc9a10112295c8cddc5d0f58a91345ece8817b3b9d25cf7532417c540f247b6

SHA512
0708aa5a25aa74f1e4e445e773f07f0e65fa238a35e3bbb27ff8ed92152c41a6d46372a19e22a6eac26d75909488edfe6fe1dd07369c041073d023beeec7876b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27576.exe

Filesize
468KB

MD5
3976930402eb35791161a232c93f5d9d

SHA1
3f13b6ff2d083fb232f72e774744a2999346b7a0

SHA256
26928a7ffebc3e0c8873a6444826a64974e92b446dbbfaf579466c86365a22c0

SHA512
45be518e9c1c45dfc8495cfb3d8bcb2650b40f2ebcb67d67e3d978d23eadbdc45e1929afd0fc5b9aa7b2689d682aa517ec405f0ab609f0f6dc137189685b1707

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe

Filesize
468KB

MD5
d725a3a5a9644ec5266291480d34affa

SHA1
0b0782a38036eeadd0786dd8ac5e467829649347

SHA256
e3261e1e187168a207ff8c55531a29ce640d648762a519e4c621ea0a3f384023

SHA512
91bcbf1450db17e98b59c1ff4fe93c61dccea0059ceb3ce714855082ddd6b11b8c29f9785542b8ccc53859a1b6adb9b56acbed07a9a77fd05c478781d4dd278d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe

Filesize
468KB

MD5
39de1f01c8bc86a2df2d272f325fc638

SHA1
2898c2c0f14689480ed0fd8708fcc51b16d8e629

SHA256
6f8391525ca55d6c8b08e9311ab384b3e86c93997db5e03599c335df173befad

SHA512
07ede9ddb96bcf0aaf62492fe2176c16b85d090386a20ed8a27e9c890bb15c50a2dec2faa0feb7dc2818ae82868d3eedc1eb27c142b1a05bc003eb201920f6db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe

Filesize
468KB

MD5
50e7bcc0bcbf7b949ef18a59e8b5f615

SHA1
7ce7e6087dc7cdae40f612292aea7256fdb8ed2e

SHA256
8c9290ad045898d6e0db3ae6c840bd53c0adb81999270beaef1106100b324436

SHA512
1c3a9e5b996f339317198869b8f28e05ecbf11a59372170423be30ba90e0193358db4b0543d2e85afc6cce05e25f264fbb2b1ae595b1dd055fff135007d339a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe

Filesize
468KB

MD5
f9945522b82922db7cc74eb74e6ec3a4

SHA1
7fedbb7ced5fcf7eff5548baa295d77f463f0a03

SHA256
4f90f334ee5e7142b9ae054b035c3556f816bfd2d8c503d970633c9677664918

SHA512
d7d608be0c82a2aacb4e86ca01b187d97dbe1c4684cf582bdf671a8d53e719d961593b8e248271f2dc9686e77e9715ab1660024490e2fdf5bc513236ee59a7cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe

Filesize
468KB

MD5
9b7eb1d4749e8c63c7f70f2a29c6dab1

SHA1
5200870833c9b928e1cdedc89c27e2b0e7eb6cfc

SHA256
f253c29be301bfd5d4b027ed0c13c926b0cd89cd54786435e54fb2bb071f25ce

SHA512
92fd71cc22b0233b3ed98d00a04960f7fb2f80a59c3cf00e6674ffed4265db2f594681367536d49ec0cc270017020a232d6f23499de2a30e73820cf35fc533f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe

Filesize
468KB

MD5
fcce212528d680af2169108c21c5aee6

SHA1
fa1aa02d7e732ead01a1ff13ac0334ca7f845c75

SHA256
b677175cef710b32ed20690f052bc5691051bd1b8111afcee42a670a9eb900fc

SHA512
19dabb0fc5ea1b38fdae95b3fc41da5b8cd1f570068003d03b5f0d4c253aaecd1149b05c05413bff96b27df889b6eddbd2c3abbd246509349d9d41dfea78c7e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe

Filesize
468KB

MD5
c8c2d9e2eda16ecef11c8a21eb22092a

SHA1
486f53f1a7a926e0773a9196a75b274e126c349b

SHA256
3d4a7d3fbf78ff45221bb594e3c105b3d403ce7b36187e815837c44e12ddc5f0

SHA512
a390608e7a0a6e637a2d2d5d9aacd0353126268e7756fbf69fa0a2a197abacd3a0a437d817a85e7d62e0c66a9dbcb9ccf10664efcac6397115eda9b358e3090b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe

Filesize
468KB

MD5
874edd45ffecabe67c7a6d53cfa92a5e

SHA1
bc55580670aecdb01ebd8ca81ed6ea87b9bc11e3

SHA256
6e3893f4fdc8caf200fa111bd741316e488628279fb328a82626b6d5ba1cc37e

SHA512
dbf98520e3c41d0caabd798af1327f5926d35c73c4f93a02fde9a5d8aa8c555d521a9b4cf50132907a53f96358e5789b733c24516f07ae77a1ca9964b9596f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe

Filesize
468KB

MD5
944acfe273b983721b854b8c6e49bd59

SHA1
eb57961d84da6a024cdbd6455d93064ad7143b71

SHA256
0665b9b009ff1a08e0ec8a6048c9a4bc714b72275d8f488b361a180d77d5cbf4

SHA512
edb475b338284947eb13faa236458fa161cd64f80bd2b2fc7db17bfe8b7ef20d298c46d008c833b773ae56f08037144bd5bb404375ced279a754709702d9d9e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe

Filesize
468KB

MD5
0bc341fa3e9b8611aed3bc80c91559e2

SHA1
98d7ebc307e8699ce857e40d9aec32276cb74d6d

SHA256
8987a38bb7b5e2f754a43a886c77be6561d8b0f320ac93b9b3d369847e9e2b4f

SHA512
2070d25ea98860447016797a379e80f1c1776376ccb9bdec54a263e575a4cf6e85a7fd6d25ccc4155ec1d3ae843a926ef6845a8732f8ca25b7fd8d98a37d7c70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe

Filesize
468KB

MD5
a90cdd7ddc4ab1b536d1f42b6b81cb26

SHA1
db66eb81675fa0fe17ea09d25aeba191ba7c269b

SHA256
14fa9a9d72da166f84ca3e4c07cfcece85494762d0bfa2a5c22f7d5a25004c99

SHA512
529c48cde9877aef96f0f38146cc2d5129740cb6dcbfa4c149c8d84fa90caa6e07210b7c2388fe7fc869c40fe45f4874f91bd87ac10473f6387e7297d9decbcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43577.exe

Filesize
468KB

MD5
05ffc20e8e7f5b53192488efe4260967

SHA1
168286aff1efcbb79e08ef80a4cc3e2336b4a74b

SHA256
70c5f34c3ba36f41eafea1b7029a490d3d85ebd32bee04fdf7e652e5caf2ab7f

SHA512
0d73bca7ac402fc92427269964aa681e52819ebb7c573132ced2bf9b9a34e85d694077a96357ae59ed904659477e0433c801ad3492be0b8d31c8f8a75f285812

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe

Filesize
468KB

MD5
a14c15b8dc7cb280c074574147ac821a

SHA1
b89eb6519fc96c6a46d29a790fb4f2574a45ca81

SHA256
350d07ed6d75d67be9f3a921c307735217949814ed1ce81c17f205848a231a4e

SHA512
5688bb113fdfb1680d0d89d3eb99d5dc0b2066e6a506eeba2ac48d6637dbd0937d755832c8cc9ebde4f25f00f276f15d25cb3c4776a3efe1e122648ffa3ea178

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56009.exe

Filesize
468KB

MD5
f35ef584c57829830185d3fd05d07fd4

SHA1
3ba7cdd5325ea701d9c4474ccd17d1e24708a690

SHA256
760ab38940f8080729e4eec4cc6adf15aa64abc38eb73e46f92e951fe5e61df4

SHA512
c9727ceee662f806e71ddf859a71b1e07a737a9016211abf99be1e0be40987700e0f3c88c119ee4ee3fed4e07b3692a9cfa22cc4eeb0c8c67a2e24c11a32dc09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe

Filesize
468KB

MD5
706fde5b8175e0e2cb808a6e9bc5088e

SHA1
32a7c57ff3c35caeb716809ca78db1d5af2d6b02

SHA256
c850e6485e76dfe6e9412e34905272dea2be43e2b0be7bef0261a7f24c8593b2

SHA512
e45127c85087bcc515ce1ee462e714be84499ddc8be856d79d31debfa9e144afa9cf5aaedc03c7721c04003b6590039000fca5622bd628127401a529fc1a65a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe

Filesize
468KB

MD5
18e25248d52b9e9b750d019d564170ab

SHA1
042a34bfc30883c21db5057f53743506eb43b0a5

SHA256
284eb831550cb290106cd0883767885db7e8a7ba018abf1713fbb5ec97598ec5

SHA512
3141bb903ae8a3f525e2e03820882481ab44c3c3c1252894a9903dfc9214188b8f8b6882da757a97d6333aeefe6a06408f25cc40eeddbf4ff103f25b42ca91a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe

Filesize
468KB

MD5
42080a8b518adf9da42987c221baf870

SHA1
7ce738ffe1f41b10cfd2ea9560376f332b6e1f4b

SHA256
3f11f2504abaacde21772fa9ed75630e9972a77507a27145171ed05d58ce4d90

SHA512
3d7f50d85e213fd2e8e11c6bda2a956e913f761c011218eb1defa9936bbd933c7bc33bf53eb1c6af7c91ce38cd2771f1e0882d6aad1319ae2bab52fdbaf1858b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe

Filesize
468KB

MD5
a976dec40a519dee1c5a4d4b0c56f4c3

SHA1
d33cb070ac3d56d6763455bdac1b818979e6218d

SHA256
cae8243829e488f2cfc977b03b02840a9a7b883c4e8474676a59c97b9ed7266a

SHA512
5c685cd3e4a10ae0eabad07dbc9a2b4c6810230706b3feae3ea01ff8b45e9f16c18ba76fa04dde0439535cbd3cc998be437a93df0fe01c0a4f0ac974f770632c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe

Filesize
468KB

MD5
26a521618e9619dffb54b0ecff3821fd

SHA1
dba7f4c265ae013525ef657e1555d4a32fa20a03

SHA256
c75373368141e94132d0c48d5ebab12c68301b182d56b1a76c7da183580495c8

SHA512
034d484755d3257f928012b84bd172ca0165e2fd49677d5e95c9dc15938831c8d0c2d493e3ca5488a6482df93efcfc76382284c704fe80b1e41a7330ee3ac51f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe

Filesize
468KB

MD5
8f3f77081b539f945cbf81d7ac3f8ab0

SHA1
064d32dc5941a5b3ce52fb09a488888f96e3a7fb

SHA256
59a1cf83183aef0bb5e7f3164d356710844b75d887d8b0cc4697fa1aa3234166

SHA512
40fb159b7d3144129313333c4eed1b1e94d4ade53976df0a70705c5628b6dfebe61a34a4f3478c0eea0648f989aa4c97fccb1a4bcb540396b2bc6fc054f314b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe

Filesize
468KB

MD5
510b682c65c9bc3c0c181a48226e950e

SHA1
f1b4d7308fcc56f6429b05bf25d6cf7835e680eb

SHA256
d939d662edf29462090e17d553ec88e2479c43afd824693bc1acc409f8a4ab2b

SHA512
1cfcee5ed55ce00dae44610646077372abc7143a196490587f1db26785e68d085c89b2a20ab571df2a1de408c7b8f72be93148cd05b0d732953f1662d999d4eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe

Filesize
468KB

MD5
e3e160992e4bfa2576fa3b898dabff12

SHA1
7ec5170c544f0da738edd4086cf5002463933249

SHA256
0b69c8ec61c7889c1fcdd602bfd8fccccd29ad89fcf9d7639b87c568d4f9b208

SHA512
f0bf3cde18c0d6ea6085d06550c4636b238dd3a9e2e0d13939bde579ac108f675d8f36b0f3c7ad903c2662e9a891e5b4529a685061bb5c4945ab5a4f07426dfe

Download Submit
memory/8-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/220-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/224-143-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/396-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/432-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/536-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/752-71-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/804-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1204-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1292-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1304-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1428-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1568-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1620-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1732-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1736-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1744-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1748-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2092-16-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2108-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2212-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2216-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2352-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2624-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2796-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2940-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2976-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3208-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3224-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3264-99-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3292-101-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3316-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3380-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3520-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3544-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3584-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3608-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3704-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3736-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3896-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4160-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4172-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4312-289-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4344-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4368-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4400-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4448-486-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4528-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4564-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4796-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4820-196-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4848-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4856-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4888-122-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4912-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5008-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5024-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5040-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5160-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5168-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5192-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5224-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5232-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5260-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5268-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5300-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5308-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5352-775-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5524-399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5536-776-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5544-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5552-777-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5564-778-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5612-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5612-745-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5620-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5632-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5648-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5664-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5664-754-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5672-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5672-733-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5912-454-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5932-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5948-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6016-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6032-474-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6056-475-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6068-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6088-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6900-774-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/7036-772-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13252-2351-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14248-2366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14600-2387-0x00007FFF9A5C0000-0x00007FFF9A643000-memory.dmp

Filesize
524KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads