5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 22:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe
Size

468KB
MD5

00e6a994a9ef670526e341ae0b556620
SHA1

61e5c1bff4ff4fa403bc5bcc66c719691a9bb5ee
SHA256

5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda
SHA512

a75fb1bdee39f011bb670179c86fa9aafdf609a09d233a252e9bb7666227e4825f9a6268bc90e13f85b32921084f8f010f03841e77bca204a12971fa0bbb8bb0
SSDEEP

3072:7+mnogTIj28UWbyIPx3/8f8/oDkjyQplPmHBNTHCA6L+8Ti/Evlx:7+WotXUWxPZ/8frss8A6Kmi/E

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2224	Unicorn-23620.exe
1840	Unicorn-75.exe
4736	Unicorn-10936.exe
1176	Unicorn-57226.exe
4800	Unicorn-42736.exe
5012	Unicorn-29000.exe
732	Unicorn-14055.exe
2228	Unicorn-45898.exe
4580	Unicorn-31407.exe
4908	Unicorn-64180.exe
3708	Unicorn-16852.exe
3636	Unicorn-17118.exe
4836	Unicorn-43760.exe
1708	Unicorn-58705.exe
4068	Unicorn-54621.exe
684	Unicorn-59686.exe
2908	Unicorn-54211.exe
4744	Unicorn-61632.exe
4684	Unicorn-26557.exe
2772	Unicorn-53464.exe
5004	Unicorn-39166.exe
1416	Unicorn-62300.exe
4920	Unicorn-2893.exe
1292	Unicorn-2893.exe
3836	Unicorn-17284.exe
1400	Unicorn-48010.exe
3524	Unicorn-5586.exe
2100	Unicorn-54787.exe
2352	Unicorn-185.exe
1888	Unicorn-17284.exe
3436	Unicorn-50511.exe
1868	Unicorn-32058.exe
1904	Unicorn-30666.exe
1352	Unicorn-26604.exe
2432	Unicorn-40894.exe
3520	Unicorn-47024.exe
4368	Unicorn-16298.exe
1644	Unicorn-16298.exe
5116	Unicorn-56376.exe
3676	Unicorn-63915.exe
3212	Unicorn-3038.exe
3312	Unicorn-6183.exe
1036	Unicorn-63287.exe
3768	Unicorn-28742.exe
764	Unicorn-16490.exe
4656	Unicorn-33493.exe
3540	Unicorn-11590.exe
3956	Unicorn-46401.exe
2724	Unicorn-31456.exe
4500	Unicorn-62182.exe
2144	Unicorn-62182.exe
4200	Unicorn-64875.exe
832	Unicorn-11035.exe
3860	Unicorn-56707.exe
3156	Unicorn-41305.exe
4632	Unicorn-2675.exe
3240	Unicorn-62182.exe
4604	Unicorn-33402.exe
4340	Unicorn-3852.exe
3216	Unicorn-49830.exe
1048	Unicorn-49830.exe
4972	Unicorn-27926.exe
60	Unicorn-1113.exe
2032	Unicorn-30448.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
6636	2560	WerFault.exe	159
13920	12744	WerFault.exe	576
16228	12744	WerFault.exe	576
13936	9736	WerFault.exe	465
16348	16120	WerFault.exe	787
4652	3628	WerFault.exe	722
12952	16280	WerFault.exe	933

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33627.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3788	dwm.exe
Token: SeChangeNotifyPrivilege	3788	dwm.exe
Token: 33	3788	dwm.exe
Token: SeIncBasePriorityPrivilege	3788	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe
2224	Unicorn-23620.exe
4736	Unicorn-10936.exe
1840	Unicorn-75.exe
4800	Unicorn-42736.exe
1176	Unicorn-57226.exe
5012	Unicorn-29000.exe
732	Unicorn-14055.exe
2228	Unicorn-45898.exe
4580	Unicorn-31407.exe
4908	Unicorn-64180.exe
4068	Unicorn-54621.exe
1708	Unicorn-58705.exe
3708	Unicorn-16852.exe
3636	Unicorn-17118.exe
4836	Unicorn-43760.exe
684	Unicorn-59686.exe
2908	Unicorn-54211.exe
4684	Unicorn-26557.exe
4744	Unicorn-61632.exe
2772	Unicorn-53464.exe
5004	Unicorn-39166.exe
3436	Unicorn-50511.exe
1888	Unicorn-17284.exe
1416	Unicorn-62300.exe
4920	Unicorn-2893.exe
1400	Unicorn-48010.exe
1292	Unicorn-2893.exe
2100	Unicorn-54787.exe
2352	Unicorn-185.exe
3524	Unicorn-5586.exe
3836	Unicorn-17284.exe
1868	Unicorn-32058.exe
1904	Unicorn-30666.exe
1352	Unicorn-26604.exe
4368	Unicorn-16298.exe
2432	Unicorn-40894.exe
1644	Unicorn-16298.exe
3520	Unicorn-47024.exe
5116	Unicorn-56376.exe
3212	Unicorn-3038.exe
3312	Unicorn-6183.exe
1036	Unicorn-63287.exe
3768	Unicorn-28742.exe
764	Unicorn-16490.exe
4656	Unicorn-33493.exe
3956	Unicorn-46401.exe
4500	Unicorn-62182.exe
832	Unicorn-11035.exe
2724	Unicorn-31456.exe
4200	Unicorn-64875.exe
3156	Unicorn-41305.exe
3216	Unicorn-49830.exe
3540	Unicorn-11590.exe
4972	Unicorn-27926.exe
3240	Unicorn-62182.exe
4340	Unicorn-3852.exe
4604	Unicorn-33402.exe
1048	Unicorn-49830.exe
2144	Unicorn-62182.exe
3860	Unicorn-56707.exe
4632	Unicorn-2675.exe
2032	Unicorn-30448.exe
60	Unicorn-1113.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 2224	4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe	86
PID 4976 wrote to memory of 2224	4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe	86
PID 4976 wrote to memory of 2224	4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe	86
PID 2224 wrote to memory of 1840	2224	Unicorn-23620.exe	87
PID 2224 wrote to memory of 1840	2224	Unicorn-23620.exe	87
PID 2224 wrote to memory of 1840	2224	Unicorn-23620.exe	87
PID 4976 wrote to memory of 4736	4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe	88
PID 4976 wrote to memory of 4736	4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe	88
PID 4976 wrote to memory of 4736	4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe	88
PID 4736 wrote to memory of 1176	4736	Unicorn-10936.exe	89
PID 4736 wrote to memory of 1176	4736	Unicorn-10936.exe	89
PID 4736 wrote to memory of 1176	4736	Unicorn-10936.exe	89
PID 1840 wrote to memory of 732	1840	Unicorn-75.exe	90
PID 1840 wrote to memory of 732	1840	Unicorn-75.exe	90
PID 1840 wrote to memory of 732	1840	Unicorn-75.exe	90
PID 4976 wrote to memory of 4800	4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe	91
PID 4976 wrote to memory of 4800	4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe	91
PID 4976 wrote to memory of 4800	4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe	91
PID 2224 wrote to memory of 5012	2224	Unicorn-23620.exe	92
PID 2224 wrote to memory of 5012	2224	Unicorn-23620.exe	92
PID 2224 wrote to memory of 5012	2224	Unicorn-23620.exe	92
PID 5012 wrote to memory of 2228	5012	Unicorn-29000.exe	93
PID 5012 wrote to memory of 2228	5012	Unicorn-29000.exe	93
PID 5012 wrote to memory of 2228	5012	Unicorn-29000.exe	93
PID 2224 wrote to memory of 4580	2224	Unicorn-23620.exe	94
PID 2224 wrote to memory of 4580	2224	Unicorn-23620.exe	94
PID 2224 wrote to memory of 4580	2224	Unicorn-23620.exe	94
PID 4800 wrote to memory of 4908	4800	Unicorn-42736.exe	95
PID 4800 wrote to memory of 4908	4800	Unicorn-42736.exe	95
PID 4800 wrote to memory of 4908	4800	Unicorn-42736.exe	95
PID 4976 wrote to memory of 3708	4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe	96
PID 4976 wrote to memory of 3708	4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe	96
PID 4976 wrote to memory of 3708	4976	5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe	96
PID 1176 wrote to memory of 3636	1176	Unicorn-57226.exe	97
PID 1176 wrote to memory of 3636	1176	Unicorn-57226.exe	97
PID 1176 wrote to memory of 3636	1176	Unicorn-57226.exe	97
PID 732 wrote to memory of 4836	732	Unicorn-14055.exe	98
PID 732 wrote to memory of 4836	732	Unicorn-14055.exe	98
PID 732 wrote to memory of 4836	732	Unicorn-14055.exe	98
PID 4736 wrote to memory of 1708	4736	Unicorn-10936.exe	99
PID 4736 wrote to memory of 1708	4736	Unicorn-10936.exe	99
PID 4736 wrote to memory of 1708	4736	Unicorn-10936.exe	99
PID 1840 wrote to memory of 4068	1840	Unicorn-75.exe	100
PID 1840 wrote to memory of 4068	1840	Unicorn-75.exe	100
PID 1840 wrote to memory of 4068	1840	Unicorn-75.exe	100
PID 2228 wrote to memory of 684	2228	Unicorn-45898.exe	101
PID 2228 wrote to memory of 684	2228	Unicorn-45898.exe	101
PID 2228 wrote to memory of 684	2228	Unicorn-45898.exe	101
PID 5012 wrote to memory of 2908	5012	Unicorn-29000.exe	102
PID 5012 wrote to memory of 2908	5012	Unicorn-29000.exe	102
PID 5012 wrote to memory of 2908	5012	Unicorn-29000.exe	102
PID 4580 wrote to memory of 4744	4580	Unicorn-31407.exe	103
PID 4580 wrote to memory of 4744	4580	Unicorn-31407.exe	103
PID 4580 wrote to memory of 4744	4580	Unicorn-31407.exe	103
PID 2224 wrote to memory of 4684	2224	Unicorn-23620.exe	104
PID 2224 wrote to memory of 4684	2224	Unicorn-23620.exe	104
PID 2224 wrote to memory of 4684	2224	Unicorn-23620.exe	104
PID 4068 wrote to memory of 2772	4068	Unicorn-54621.exe	105
PID 4068 wrote to memory of 2772	4068	Unicorn-54621.exe	105
PID 4068 wrote to memory of 2772	4068	Unicorn-54621.exe	105
PID 1840 wrote to memory of 5004	1840	Unicorn-75.exe	106
PID 1840 wrote to memory of 5004	1840	Unicorn-75.exe	106
PID 1840 wrote to memory of 5004	1840	Unicorn-75.exe	106
PID 4736 wrote to memory of 1416	4736	Unicorn-10936.exe	107

C:\Users\Admin\AppData\Local\Temp\5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe
"C:\Users\Admin\AppData\Local\Temp\5e8e1ee144e6df18f6843628c245656660a43fc3707e4587e20ea34ea0567cda.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-75.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-75.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43760.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        8⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
        9⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        10⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
        10⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        9⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        8⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        8⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16247.exe
        8⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        7⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46401.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2540.exe
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        9⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45073.exe
        9⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        9⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62146.exe
        9⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        8⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        8⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        8⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        8⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        8⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        8⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        8⤵
        
        PID:18048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
        7⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
        7⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        8⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21684.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
        7⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
        7⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        7⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        6⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        6⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        6⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34554.exe
        7⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26324.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        9⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        9⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        9⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
        8⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        9⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
        8⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        8⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
        8⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        8⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56201.exe
        7⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        8⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        8⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
        8⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        7⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        7⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
        7⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        7⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        6⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
        6⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39894.exe
        8⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        8⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        8⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        8⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13805.exe
        7⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
        7⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
        7⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe
        6⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        6⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        5⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        7⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        7⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe
        7⤵
        
        PID:16260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
        6⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
        6⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17585.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58944.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        6⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12744 -s 464
        7⤵
        Program crash
        
        PID:13920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12744 -s 484
        7⤵
        Program crash
        
        PID:16228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        6⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
        6⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
        5⤵
        
        PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        8⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        10⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        9⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        9⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
        9⤵
        
        PID:17696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31947.exe
        8⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        8⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        8⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39894.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        9⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
        9⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        8⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        8⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50667.exe
        8⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        8⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
        7⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        6⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        7⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        8⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31206.exe
        7⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        7⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        7⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        6⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        6⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        8⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        8⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
        8⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
        8⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
        7⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        7⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43420.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39894.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53956.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
        7⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        6⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24890.exe
        6⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        6⤵
        
        PID:16984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
        6⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64796.exe
        5⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22000.exe
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39894.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        8⤵
        
        PID:16820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        7⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        7⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        6⤵
        
        PID:180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
        6⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        6⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        6⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        6⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe
        5⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        5⤵
        
        PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56043.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        7⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
        7⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
        6⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
        6⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        6⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18264.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        6⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        5⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        6⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        7⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        7⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        6⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
        7⤵
        
        PID:14872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22888.exe
        7⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        6⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
        6⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18017.exe
        6⤵
        
        PID:16092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45135.exe
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
        6⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        6⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
        6⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        6⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14317.exe
        5⤵
        
        PID:15652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
      4⤵
      PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        6⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27122.exe
        5⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        5⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35961.exe
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
        5⤵
        
        PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
      4⤵
      PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
      4⤵
      PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
      4⤵
      PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
      4⤵
      PID:15212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43210.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        10⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        10⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        9⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        9⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        9⤵
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42890.exe
        9⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
        8⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        8⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16468.exe
        8⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        8⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
        8⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        8⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        8⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        7⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        9⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe
        9⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        8⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        8⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        8⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        7⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18401.exe
        7⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50728.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28518.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        7⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35255.exe
        7⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        7⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
        7⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38405.exe
        7⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        6⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        6⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        8⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        9⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
        9⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
        9⤵
        
        PID:16280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16280 -s 436
        10⤵
        Program crash
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        8⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19363.exe
        8⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        8⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        8⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
        7⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
        7⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        6⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        7⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        7⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        7⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58398.exe
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33423.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe
        6⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        6⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56043.exe
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7903.exe
        7⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
        6⤵
        
        PID:15992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        6⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        5⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        6⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        7⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        6⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        6⤵
        
        PID:16296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
        5⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
        5⤵
        
        PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33786.exe
        6⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
        8⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        9⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        9⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        9⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
        9⤵
        
        PID:18312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
        8⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
        8⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        7⤵
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15113.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25840.exe
        7⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43537.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        6⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
        6⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe
        5⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56043.exe
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        7⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        7⤵
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        6⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        6⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        6⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        6⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        6⤵
        
        PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
        5⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        5⤵
        
        PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        7⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe
        7⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        6⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        5⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        5⤵
        
        PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21652.exe
      4⤵
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
        6⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23831.exe
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
        6⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31242.exe
        5⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13399.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33537.exe
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        5⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        5⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        5⤵
        
        PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
      4⤵
      PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
      4⤵
      PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        7⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        8⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
        8⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        7⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 656
        8⤵
        Program crash
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
        7⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        7⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48922.exe
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        6⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        6⤵
        
        PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2052.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57050.exe
        6⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        7⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        7⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        6⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31242.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58323.exe
        6⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        6⤵
        
        PID:15412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        6⤵
        
        PID:15800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
        5⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        5⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        5⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        5⤵
        
        PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
      4⤵
      Executes dropped EXE
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
      4⤵
      PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        7⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        7⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13403.exe
        7⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        6⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
        6⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        5⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
      4⤵
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
        5⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        5⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        5⤵
        
        PID:16296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
        5⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        5⤵
        
        PID:12644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
      4⤵
      PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
      4⤵
      PID:12500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
      4⤵
      PID:8024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        7⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45701.exe
        7⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        7⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53982.exe
        6⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        6⤵
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
        5⤵
        
        PID:8924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 724
        5⤵
        Program crash
        
        PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        6⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
        5⤵
        
        PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
      4⤵
      PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        5⤵
        
        PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
      4⤵
      PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
      4⤵
      PID:7396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
      4⤵
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        7⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-602.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe
        6⤵
        
        PID:17744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        5⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        5⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20988.exe
        5⤵
        
        PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
      4⤵
      PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
      4⤵
      PID:2420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
    3⤵
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
      4⤵
      PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        6⤵
        
        PID:16416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31195.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37469.exe
        6⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe
        5⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        5⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
        5⤵
        
        PID:7180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
      4⤵
      PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
      4⤵
      PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
      4⤵
      PID:15684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
      4⤵
      PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
      4⤵
      PID:16236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9563.exe
    3⤵
    PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
      4⤵
      PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
      4⤵
      PID:11824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
      4⤵
      PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
      4⤵
      PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52687.exe
    3⤵
    PID:8564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51514.exe
    3⤵
    PID:13132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
    3⤵
    PID:16132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        9⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        9⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        8⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        7⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51266.exe
        7⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        8⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        8⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14354.exe
        8⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17356.exe
        7⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8736.exe
        7⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
        7⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        7⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        6⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        6⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
        6⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
        7⤵
        
        PID:17588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65028.exe
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        6⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6827.exe
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35471.exe
        7⤵
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        6⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 464
        7⤵
        Program crash
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
        5⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
        5⤵
        
        PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        6⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        7⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        7⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        6⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13399.exe
        6⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54018.exe
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
        6⤵
        
        PID:16160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        5⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        5⤵
        
        PID:15920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        7⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        7⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        7⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe
        7⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        6⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        6⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39500.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe
        6⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        5⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        5⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
        5⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        5⤵
        
        PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28799.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57408.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        6⤵
        
        PID:720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        5⤵
        
        PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
      4⤵
      PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        5⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51065.exe
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        5⤵
        
        PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
      4⤵
      PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
      4⤵
      PID:16836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        8⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        8⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        8⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        7⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        7⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9566.exe
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
        6⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        6⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9966.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        6⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16969.exe
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
        6⤵
        
        PID:17752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13281.exe
        5⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
        6⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23309.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        5⤵
        
        PID:16120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16120 -s 84
        6⤵
        Program crash
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
        6⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        5⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe
        5⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe
        5⤵
        
        PID:15152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
      4⤵
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
        6⤵
        
        PID:16680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
        6⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        5⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe
        5⤵
        
        PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
      4⤵
      PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
      4⤵
      PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
      4⤵
      PID:15384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
      4⤵
      PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9022.exe
      4⤵
      PID:15544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48368.exe
        5⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
        7⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        7⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
        7⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
        6⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        7⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        6⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
        6⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
        6⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        6⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        6⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
        5⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26032.exe
        5⤵
        
        PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39384.exe
      4⤵
      PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        6⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        6⤵
        
        PID:13248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        5⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        5⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
        5⤵
        
        PID:13864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32419.exe
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        5⤵
        
        PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
      4⤵
      PID:10140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
      4⤵
      PID:12776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
      4⤵
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61134.exe
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        7⤵
        
        PID:16440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        6⤵
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        6⤵
        
        PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        5⤵
        
        PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56200.exe
        5⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
        5⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        5⤵
        
        PID:13176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
      4⤵
      PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        5⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        6⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        5⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        5⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
        5⤵
        
        PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
      4⤵
      PID:8516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
      4⤵
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
      4⤵
      PID:15516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
      4⤵
      PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
    3⤵
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        5⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
        5⤵
        
        PID:17668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
      4⤵
      PID:13072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
      4⤵
      PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26514.exe
    3⤵
    PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
      4⤵
      PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
      4⤵
      PID:15632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
      4⤵
      PID:15992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8681.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
    3⤵
    PID:13240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
    3⤵
    PID:16020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
    3⤵
    PID:16564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        6⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        8⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        8⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
        8⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
        7⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        7⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        7⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
        7⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45736.exe
        6⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        6⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23471.exe
        6⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        7⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
        7⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23831.exe
        6⤵
        
        PID:13968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
        5⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40160.exe
        5⤵
        
        PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        7⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15150.exe
        6⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4203.exe
        5⤵
        
        PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        6⤵
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        6⤵
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        5⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
      4⤵
      PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
      4⤵
      PID:11272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
      4⤵
      PID:13920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
      4⤵
      PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
      4⤵
      PID:16104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        7⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43780.exe
        7⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        7⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27122.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        6⤵
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21742.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        5⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
        5⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        5⤵
        
        PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
      4⤵
      PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
      4⤵
      PID:9736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        6⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        6⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        5⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
        5⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        5⤵
        
        PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
      4⤵
      PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
      4⤵
      PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
      4⤵
      PID:8968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
    3⤵
    PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
      4⤵
      PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
      4⤵
      PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
    3⤵
    PID:8284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe
    3⤵
    PID:13212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe
    3⤵
    PID:15560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
    3⤵
    PID:7324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27606.exe
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
        8⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        8⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        7⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15114.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        6⤵
        
        PID:11520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
        6⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        6⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        6⤵
        
        PID:15608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        6⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25341.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        5⤵
        
        PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15996.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
        6⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        6⤵
        
        PID:17936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        5⤵
        
        PID:13828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
      4⤵
      PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
      4⤵
      PID:388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64875.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56043.exe
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        5⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        5⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        5⤵
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
      4⤵
      PID:13748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
      4⤵
      PID:5856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
    3⤵
    PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
      4⤵
      PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
      4⤵
      PID:11100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
      4⤵
      PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
      4⤵
      PID:6052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
    3⤵
    PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
      4⤵
      PID:13916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
      4⤵
      PID:3360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
    3⤵
    PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
    3⤵
    PID:13564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
    3⤵
    PID:16556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-185.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-185.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
      4⤵
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        5⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39976.exe
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        5⤵
        
        PID:8524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
      4⤵
      PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
        5⤵
        
        PID:18416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
      4⤵
      PID:11608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
      4⤵
      PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
    3⤵
    PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        5⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        5⤵
        
        PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
      4⤵
      PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
      4⤵
      PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
    3⤵
    PID:7224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
    3⤵
    PID:10888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
    3⤵
    PID:14652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
    3⤵
    PID:14056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
    3⤵
    PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        5⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3759.exe
        6⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62893.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        5⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        5⤵
        
        PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
      4⤵
      PID:13424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
      4⤵
      PID:17548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
    3⤵
    PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
      4⤵
      PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
      4⤵
      PID:9832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
    3⤵
    PID:9572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
    3⤵
    PID:4168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
    3⤵
    PID:15432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
    3⤵
    PID:3760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
    3⤵
    PID:12604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27462.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27462.exe
  2⤵
  PID:5396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
    3⤵
    PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
      4⤵
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
      4⤵
      PID:1340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
    3⤵
    PID:10248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
    3⤵
    PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46974.exe
    3⤵
    PID:9604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
  2⤵
  PID:7736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
  2⤵
  PID:5040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
  2⤵
  PID:1156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10594.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10594.exe
  2⤵
  PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2560 -ip 2560
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 12744 -ip 12744
1⤵
PID:13564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 12744 -ip 12744
1⤵
PID:15912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3988 -ip 3988
1⤵
PID:4128

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5904 -ip 5904
1⤵
PID:13452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe

Filesize
468KB

MD5
65993b595df0503e33016bb32b254722

SHA1
06cceee8b81dfb7f3e4a2629f5b5518ba752a77c

SHA256
bbeb830a9e0b56ea881e545e190b331d160e412e6611a83befdd219bf3d0e08b

SHA512
eb015c21b0029a9a90445ea0e97f015ee78ccf73e49cc53220ff6f99cafce3e87945311c6711248f12e1aced9ee640e38002549fa001143e826d103a2db19693

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe

Filesize
468KB

MD5
fb16d51dec9b40c16d5b5f811928c40c

SHA1
ecdabf2a5b8f54275ea77bfee9700c886a4aec17

SHA256
0c1224e4af2ebb3c7190924a92b4e418f08635e7013ee3a186fff9844616da73

SHA512
0ba9db9958dfc12a6ad2b45b91d1f9ef9d90b1244d1d4b8e00b428c320036a29a9b2bc26aaf43e392dfbbe245ec8fd523c910a27b28b89db84fcf9d25fd0b748

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe

Filesize
468KB

MD5
9aa3fbf0c547e574b078b8fc0cb87b73

SHA1
eea098d665879ff843d40edea17b73459acc239f

SHA256
447f94c3ad0f330033ad6374f05815cf6dc77d7659e0d540398c515ab2f59e95

SHA512
7e68e127a3b32bb842a946efa736d80eaab11e58c99168351b2f96e31274cd229d9c6f5170d958c881a8d5d7b775a5dc2d351426e7638c4a1a2c2c6b3e811a4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe

Filesize
468KB

MD5
a5427d14550701d2f07ba4fcb40b5f06

SHA1
2bda646d473b5de3939fe812633203c70179d302

SHA256
69937ebc5803b737e1c4cb959e342dd93549a33c50856025bb3136127ab1ee55

SHA512
3d82471b336111bc2d70546e4cfce97ca6f34913bf84feefd5bc518495302a877580b879583dede99b3201c0dac9506374b899b8187dbfc26882370565e5dfb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe

Filesize
468KB

MD5
79e2e72e5b0b4b5d37d1c890dc79d817

SHA1
58e8bc4c96ec7378351e76c3d8a66cae7633716d

SHA256
0b875bd09d60b39f773b0c7b05808e09dce3afbf749149cb7de3dc4bbad14a0b

SHA512
836feedd4559f76997dc2fb2f7e8aee86a3b88bbc1db2a7c021446033abc59e25ba5fb05357964967ed1ae40f92c0346504a1f7ac6944cd90824065c58e9edf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-185.exe

Filesize
468KB

MD5
bbf4f356b53b35b86ceba085eac72b55

SHA1
a09c4def77c8e4ce13d80cdbc1745c6745fa873b

SHA256
5903758c601651b085c1e335418ad630c1517739f00d98b8120cc060f522ca30

SHA512
6669a50838f4b548deb44a6abe9fd128af145ab2a3cc94b57961649385b3d60f46fc39aa2df65ba521fe9256815494573c52e63d9a05844d557190c32de35c36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe

Filesize
468KB

MD5
f156c00380a6840cba18fb662c9a86a5

SHA1
54a0b831311f2b0bf5a99bec86e3c007bc2376fc

SHA256
dd922c621883eb2208770317aedcd5fccb9c293204b59212ff190cb67ad1b344

SHA512
e1d403a1095fb3502dffc69ea54b5c6cdf22e9685b6b42fa6af6ca31f1696a089d9d1104140d0370968780166fcebc512af8a4397dc6119a7f443ecbe8bea0e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24041.exe

Filesize
468KB

MD5
e18449565b29884c25329c03c49bdc5d

SHA1
7eeb0ccd99e9f9e38e70f9b6befb547db5999e5a

SHA256
df99a3682b0f538c838ff2d64915ecbf9afa502770229c6555173eff74c4d34f

SHA512
f2a9be3ad3ce065735cb47c03546892508df659d945d3c66de1e9433b26770174211153e2ad57461b358d3a57fb0eb2df4898c0865aa242de279e20e13f38a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe

Filesize
468KB

MD5
80e6ff1ad55fa1369762af6b06f5a32c

SHA1
511cfcdd1bbe217e90ccc6c75ca5f4a4d44bfce7

SHA256
cde093455ecf7f07c1efc60e17158f50d406a62128878e9b6a4ac5aef74f6f6c

SHA512
76979105a9f0818ae03255a39845e866fd21d803453505b46a6061a9d32872d7a7f2699aba300c9c1733c9e303fcadb9597e03337f776e75db2474a1c00a1266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe

Filesize
468KB

MD5
4971541b841fdcc1109bce15ae34c368

SHA1
48a678fe975b8c949d345cb02ae54556fd5f9c17

SHA256
ec8f02b2e6c87336e61aec412c8752d0aa06d434c04ad1145c6185eb1a0c7f81

SHA512
cd57ed7769e410e866a25ac9d9928686a377f3de67c1af55bdeeb267440a461e50f74774218858bb9782a5e8a5cb69be39cff4b59aa62e09a5d93681c2ec600e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe

Filesize
468KB

MD5
4b375498c4e2698049039cb413199d6b

SHA1
1230ad2852c0b238e8d2250732d57fe003aa7b99

SHA256
be02e59315078190fa0f13b84d976c6510b1f300240bf66d04717a0aed009e89

SHA512
9f9c752188f7ad0d2145492d8285d4847641948aab2a347aef6f845bbd30c68a6659ea9f3f35383a6a9a275b431925d9f14a02d099d3b3f44c8305c71bd92b0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe

Filesize
468KB

MD5
6c7c27f90f9976c761dd71e36a9545e7

SHA1
8959c21e7c6b6dbdc28175d4d76aa809245418d0

SHA256
e850c8255540ec83570c6f9fae7d8cc25f84611c68e75b89af10327165c2ccff

SHA512
70f960687e68048ae174993e0944684dd21eb3d12f08c325d5aa54a85b88a76a1af122d06c56d5b4043949bd2a4d11efe684b2bddc751ecda075607bfcae709a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe

Filesize
468KB

MD5
97dd08384b88df1bac7460bd17ec1d11

SHA1
9b337edca5005b5ca111e85f418e6b6bb6eda904

SHA256
8c1dddfb16e97c8b1b85f05e3eff1a0f50906897961a9cc5e348684790cbeaa0

SHA512
bcf453ec67d1594fa5c670a73c73ef31fd99767af182b0de9babd8052e37ec7f0af6620ba07839672622412abfb43835cc8333dedff983c96b9379e3f30550c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe

Filesize
468KB

MD5
313e618450124a2e20b10a64000e4868

SHA1
cf6267c4f59e296151ebb091b8584e0370349b1c

SHA256
c7258c41fd915476d13725f5c341fc4c6e0ae82b954e2b8450ca6492ad3a2e4e

SHA512
85e85d99a13d957272b928b1a6ab226e985378f809c9162e3eff38c030c621fcc5b35f88483d85d8c18de9fa65beb0c37af7909c8bd1048e61e41468a6610b07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe

Filesize
468KB

MD5
9476c8f2776d741df3be572371632972

SHA1
f8b993d49488815a167605a1204e408fc0316747

SHA256
5fc651a0b771a5dd08f68177d3bde50f35909a18a5c84bd68c5cadcfebc0d188

SHA512
35a1e7f47d3fceec94a130696e6a6ff1ebfda749452a4d083ed7a661d7241f238a9771bf277f90362bfe2aa2c0cf14148d06f728edd0aa6cec1ef347b01d349e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe

Filesize
468KB

MD5
b3e259c59d441120d52ecaf5d1dc8e7c

SHA1
30962fe12a516ab1e409e321798327a7cc0177b2

SHA256
39853caec24c04387b52f08de6f327112c63349c0c5181246c720edb6bcc4064

SHA512
6a79490c252f87c488c2455adaff90ee43764b622e020b916c1d0018649433035b355808a8dcb402f97a88c1f5c92dbb75c43b91b43ad77fa070a182511fa9f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43760.exe

Filesize
468KB

MD5
e849bf773c6db1f64fc6e8a13ab3f37d

SHA1
985d65b72364d94dd90d3367dc75128c0e514950

SHA256
97de6b2f07b269f192ed33b513683d2b2714206716a960eaf74f549d4850ef50

SHA512
c172dabfde0ab8dfc5ab4e716826d98415867360e15657505b4435fd37faddf04d5bd6f319b92eff40a111763f5a758907978599c09f40bc7ca0fa1ae5f473c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe

Filesize
468KB

MD5
0712e2ec13d6c1785dc5da7ddc9e5614

SHA1
9fb20e54898862d9b3a6854de1d05c682a79ec9c

SHA256
b3fd131518a377365c99205c5371131e77b04ac4fce7348dba50d12645af8265

SHA512
f774481e449a1c70c88074316980bf3604cbf73b1f834cd34ec944bb0f673489d7c3fde974b8af79fcdb0ba9bf523c889d86e39fcb29edef9121e43186c710ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe

Filesize
468KB

MD5
fa78c11d1541ef18573124da66a88dc3

SHA1
aef0a5938e747f924683a51f310a55f0dc611ac0

SHA256
9c83a1dcd0f339409eb21d3cdd25fa74aea2995808da0499697a0d631cfb47e8

SHA512
aeec43377370d50f2ca74a5a81d263ba5c125b67d72eb8b9ae97d017c2967f288252050ff780bee1d02121ca6800c52917644993dbdbf865a7d9d9298b2ec78c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe

Filesize
468KB

MD5
a17672aa76bfab9e80493d4502cdcc67

SHA1
0932a89ccaec0cf50817830dcffb855edd2ef522

SHA256
ed662cbd882cbae27f06713f415b35ae4cb9d2674a56026d7f6b02bc3448644f

SHA512
6a5fcaf8e01f8c4b4741b63a9085b692d7a790f8878ed0d4a1eadb0b8985da910c5bc2fe7f07a33abae5049fcf7197cfc9fc0e4dd8ad418e0b191e839a181736

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe

Filesize
468KB

MD5
aaf1574d64b4baecb70add3714f37514

SHA1
38bfe8821083560c2e909b043abc29671ec0d61e

SHA256
76d0edf3cda629d9bdf29671f0d5e5dc0971199b8db237343db3b083f61a02be

SHA512
f319d00af37776230e438741fedb1b8083fa390972450869a3dd731770b49160336c307bc40ca9348fd8a55b2a98c8b7410b9d7ef8f915fc11939f8aaf86c580

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe

Filesize
468KB

MD5
4b994c8ce8b3b7d7d2be4e0e9d04318a

SHA1
99201f2526bdfce3b91d5e9766e9b7249058b630

SHA256
2557cb9b7aeb6b7ecb72173f3185e8912d81222f923fda1cfe92380136d6fb67

SHA512
500fd4c2d976f5a3447fb8b0540097ad5c300fb9696de7d747eeaff1472dcce421cc6f66708af1088040ed2d4fca377525adfbc1b30e7a687810e9c3ab726ffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe

Filesize
468KB

MD5
929145c21320285d505329f79bbdcd63

SHA1
e1de80aa199fa50dcd3cd011b757a5e7c5f65421

SHA256
d842e6978feaec2f24768cdfa1b3488f6e9f787522b69f1aa6a14926fe6c5557

SHA512
4733ef0b087ba501617fbacd738eafd149959403cac70deb388f8e04145066b826a80ea0c3d31d34c3cfd8165f10003b0453922a714f20c9d944c50daf094bbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe

Filesize
468KB

MD5
13e500ed4b67038e92c997c23bfb4468

SHA1
e4bd00f1af40ba5a5eb90dbf771f9ecbdc482a43

SHA256
268c491c9a1632b05682f0b76d1d2948c949799f691f8d7274cb9335aa3037fa

SHA512
509e0c3d31b65260227e432f8d8e99c44d4631d27a5e2b0b2b98e256c6ba174d95c0e17512770ef8381a050ef02e60a01789d49cb52858146b0b4f970a12e582

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe

Filesize
468KB

MD5
a757712ac7266fa99685b7612dde466c

SHA1
0f512d7bf72ccde8998aeab4f64207e7f07b94f9

SHA256
c9da80f8dda56bb8ad6d6ccd8f6cbd294f7df671795a3d340925831a72da6d56

SHA512
8bd3d431099f349c7908f566a03a4a046a7cf313d5992a61766e95ce5e201e5ae6a167bc61a01ccb70f236832e6c8c7df662ad73a7829f1d9fa1fd4052652373

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe

Filesize
468KB

MD5
cf1ebf6211d2ebe128ed869c320327e0

SHA1
8936fc8ee7dcb3c68a8f51fab0180ee43bc0769a

SHA256
42a4c3cb434f9d25f8dc11149395f8b532278556ecb906ef16121cefa516f0a8

SHA512
ae7bd3e6b4f33e8c610153abd1532956326e6dd8f0028d61934f7a05e93416b04f3f2e4e585e4586c4ba162e749d273483be982398d4d0c6f0fb3b6bafeb2b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe

Filesize
468KB

MD5
7a7949a5c8d7c12455cb5f82b0a4812e

SHA1
b0ac40be1375d2c12340f1f2278db35d290717db

SHA256
1dbc06b0782f49c2a50931597d0e70f43a403ece93b11a76a940aed1040b7128

SHA512
74f3bf47cf2c202a0ab1636a1d9bb950cd3f5c367d0291b694379cb183056472819491f89abce59b4f173e1d490bb06b8aa343eeea0b7800842a8d87679afce2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe

Filesize
468KB

MD5
690ad5139d442fb6ef6e9d4a720521e9

SHA1
8172579acc2f88eff2ffa650265a7c6c471d8a66

SHA256
f3c1a027cb123c92d792cf1043d6960896a5a67509e8560cc9d0cff65d457233

SHA512
e9c558518f7436dc19a17af20d66284a795b4ad534ebce9e1637c246f3c099cac66f1ca57b7ff1314f58c34cfb920fc2cbb18b31bbb87cdf033cbc399060cb31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe

Filesize
468KB

MD5
1c0adf86e79806726f99f1298c0277ba

SHA1
98487ed8570971140301af9cf61a4d3c2c13bdea

SHA256
60a4c1a782ee01dd2f4504d8e1415eef97ead55338880a2a0f289a0dce392c0a

SHA512
b4270ab82a134ef6e75e1aa117d8281ffe393148b8edc9a1f27e59dee75d89c82076fa96b24eed8cba10bc315484cc95985704c2d11c2478296e7605df85972c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe

Filesize
468KB

MD5
f8780ecce88bab872a4adf8075375035

SHA1
4584b90c2ed37e846221f67c05c74943768765cf

SHA256
a2b027f262e244b7428dc2975d986f1cb0fbcd8cc816e219a02460c663c585af

SHA512
18e812db3537c4965545152be54bc2d2bdc3664105e9ec8e22bd500702ef6c61b7f9b676a4e4d7c3bdf80b50400e12ebd922bce1042885790da3ac1cd4b54c81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe

Filesize
468KB

MD5
18d4681fb25841fe584f2c40695820db

SHA1
4d941a26d255cedb19d6a17e547af35fd8b6d760

SHA256
d835bdfb281556c24db5a6dcaf14409dbe6e5b9b7da7797d8f259e5bc9b06e1a

SHA512
6dbb3f698d465efe5758b5925f33cecb17e792711b60ee765fc9b17375440e799efe6e512979247376273cf95d8b7307532d7f87762fac516860663be36d4e51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe

Filesize
468KB

MD5
065703598a5c5c72c179634d027cfa14

SHA1
5824c805422b4529d401b47d587bc66a6e1df02c

SHA256
b8bd4b7e2d755e086df66824e69c5d9815bdae7cccdfb177a5b9d6c7dceaa8af

SHA512
a1c0f3548285768e789a5e893df6cf60b7cca3c82d63915f8c1e430cefa1b8e753b05ddd64f4c8cb8354833d1cbd9c49bf3f2ade5a7099a8b5df4e0c4c2f1555

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe

Filesize
468KB

MD5
8341c651c2b78f025560ea7036cfa546

SHA1
86b5e15fb2eaff065c3dda59ab9c07262b3f3a17

SHA256
95ab950f72593c315b5a468ef3e55f3e7eb467356a8998926d62d02d81c2a778

SHA512
dc2261537c37a3830f78a9762ca131ef206313806cccbc8ac014da3d424d84e5b2f9139a4613d389637c494a9962234f5e5a773f27686125f9f59fae9d0ca9de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-75.exe

Filesize
468KB

MD5
e00cd7393c586a481983be3362c24461

SHA1
49c6974a9a450deb729929aa7684c740cb33d0b4

SHA256
214c15ad4080946e70df84409267c285b5ff23e1fbdd43e5e0438a4c2cc3f226

SHA512
f7eb46f266190238a33a35657c097372e03abbbefcdc9e89293f2afb80ca8a89745c51ff7d00e9922cf0786959ef8041a92007cdfd79bebb8d0732e4f8e8a777

Download Submit
memory/60-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/408-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/684-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/732-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/764-284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/832-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/864-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1036-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1048-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1176-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1208-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1216-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1352-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1400-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1416-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1460-453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1716-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1840-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1868-217-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1888-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1904-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2016-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2032-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2100-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2224-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-2648-0x00007FF935020000-0x00007FF935079000-memory.dmp

Filesize
356KB

Download
memory/2276-507-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2352-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2396-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2432-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-505-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2560-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2724-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2772-150-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2828-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2848-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2888-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3156-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3172-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3212-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3216-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3248-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3280-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3312-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3436-193-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3520-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3524-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3540-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3588-492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3636-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3676-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3692-454-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3708-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3768-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3860-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3956-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4028-480-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4068-99-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4188-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4200-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4268-521-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4340-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4368-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4452-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4488-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4500-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4580-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4604-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4616-478-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4620-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4632-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4656-289-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4684-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4736-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4744-132-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4800-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4836-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4908-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4920-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4928-506-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4964-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4972-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4976-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5004-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5012-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5116-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5124-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5136-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5156-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5260-552-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5292-569-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5324-570-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/8000-4498-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14320-2798-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15992-2797-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16020-2796-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16080-2921-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17668-4251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/18048-4559-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads