71655998fe2296874bfa6784f084552ed2caf323c03a71f914d949f0b2c57032

Analysis

max time kernel
120s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 11:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03974533cefebeaf425e4f9d2b76b8a0N.exe
Size

468KB
MD5

03974533cefebeaf425e4f9d2b76b8a0
SHA1

45c91aa3de3672c9b2e58841c988a370176a9802
SHA256

71655998fe2296874bfa6784f084552ed2caf323c03a71f914d949f0b2c57032
SHA512

f46cce5c98afeb67c17e7f2c4102053197fd26cd8a697dfae87a23a3fb2a05b93c5ee40dc33ba833161324aca2528e35ec2cf8bddd7f52aa94a05c7ab6221606
SSDEEP

3072:W1N/ogLda88Un+/0Pz5FapwcfhzWI8JnmHe0VWbf2t3ibFN4wlI:W11o9RUn/P1FapGxPvf2twFN4

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2464	Unicorn-60282.exe
2044	Unicorn-14132.exe
4532	Unicorn-33998.exe
848	Unicorn-45586.exe
3488	Unicorn-47624.exe
3276	Unicorn-12913.exe
4772	Unicorn-58585.exe
1324	Unicorn-23002.exe
3520	Unicorn-11304.exe
1984	Unicorn-57520.exe
2512	Unicorn-63650.exe
1696	Unicorn-39146.exe
684	Unicorn-43785.exe
1236	Unicorn-63385.exe
4472	Unicorn-63650.exe
3476	Unicorn-26266.exe
4920	Unicorn-42410.exe
4420	Unicorn-42964.exe
4844	Unicorn-56700.exe
2540	Unicorn-54470.exe
3316	Unicorn-4699.exe
524	Unicorn-13629.exe
3000	Unicorn-25882.exe
8	Unicorn-29966.exe
4000	Unicorn-25143.exe
3248	Unicorn-19576.exe
2536	Unicorn-19576.exe
3900	Unicorn-43526.exe
2660	Unicorn-59789.exe
3240	Unicorn-40188.exe
1424	Unicorn-38216.exe
3768	Unicorn-41554.exe
4676	Unicorn-713.exe
3080	Unicorn-713.exe
4040	Unicorn-8881.exe
3956	Unicorn-5492.exe
3208	Unicorn-2228.exe
2768	Unicorn-36192.exe
2444	Unicorn-1481.exe
4924	Unicorn-36000.exe
2516	Unicorn-51450.exe
4108	Unicorn-46604.exe
3336	Unicorn-10609.exe
2500	Unicorn-22862.exe
3236	Unicorn-30838.exe
184	Unicorn-5372.exe
4244	Unicorn-35476.exe
824	Unicorn-55342.exe
1784	Unicorn-55342.exe
1692	Unicorn-2249.exe
4648	Unicorn-4287.exe
2684	Unicorn-20623.exe
1888	Unicorn-26489.exe
2352	Unicorn-52005.exe
4652	Unicorn-14864.exe
1548	Unicorn-35690.exe
4320	Unicorn-37728.exe
3428	Unicorn-60002.exe
2252	Unicorn-52581.exe
116	Unicorn-43474.exe
3112	Unicorn-35860.exe
544	Unicorn-55726.exe
1948	Unicorn-10801.exe
1776	Unicorn-60557.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
9264	4084	WerFault.exe	389
6332	14788	WerFault.exe	765
8132	6968	WerFault.exe	284

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18003.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
16372	svchost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16124	dwm.exe
Token: SeChangeNotifyPrivilege	16124	dwm.exe
Token: 33	16124	dwm.exe
Token: SeIncBasePriorityPrivilege	16124	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1468	03974533cefebeaf425e4f9d2b76b8a0N.exe
2464	Unicorn-60282.exe
2044	Unicorn-14132.exe
4532	Unicorn-33998.exe
848	Unicorn-45586.exe
3276	Unicorn-12913.exe
3488	Unicorn-47624.exe
4772	Unicorn-58585.exe
3520	Unicorn-11304.exe
1324	Unicorn-23002.exe
2512	Unicorn-63650.exe
684	Unicorn-43785.exe
1236	Unicorn-63385.exe
1696	Unicorn-39146.exe
4472	Unicorn-63650.exe
1984	Unicorn-57520.exe
3476	Unicorn-26266.exe
4420	Unicorn-42964.exe
4920	Unicorn-42410.exe
4844	Unicorn-56700.exe
3248	Unicorn-19576.exe
2540	Unicorn-54470.exe
3900	Unicorn-43526.exe
2660	Unicorn-59789.exe
4000	Unicorn-25143.exe
524	Unicorn-13629.exe
8	Unicorn-29966.exe
2536	Unicorn-19576.exe
3316	Unicorn-4699.exe
3000	Unicorn-25882.exe
3240	Unicorn-40188.exe
1424	Unicorn-38216.exe
3768	Unicorn-41554.exe
3080	Unicorn-713.exe
4676	Unicorn-713.exe
4040	Unicorn-8881.exe
3956	Unicorn-5492.exe
3208	Unicorn-2228.exe
2768	Unicorn-36192.exe
2444	Unicorn-1481.exe
4924	Unicorn-36000.exe
2516	Unicorn-51450.exe
4108	Unicorn-46604.exe
3336	Unicorn-10609.exe
2500	Unicorn-22862.exe
824	Unicorn-55342.exe
4244	Unicorn-35476.exe
3236	Unicorn-30838.exe
1784	Unicorn-55342.exe
4648	Unicorn-4287.exe
1888	Unicorn-26489.exe
2684	Unicorn-20623.exe
184	Unicorn-5372.exe
1692	Unicorn-2249.exe
2352	Unicorn-52005.exe
4652	Unicorn-14864.exe
1548	Unicorn-35690.exe
4320	Unicorn-37728.exe
3428	Unicorn-60002.exe
2252	Unicorn-52581.exe
116	Unicorn-43474.exe
2724	Unicorn-7272.exe
1776	Unicorn-60557.exe
3112	Unicorn-35860.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 2464	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	89
PID 1468 wrote to memory of 2464	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	89
PID 1468 wrote to memory of 2464	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	89
PID 1468 wrote to memory of 2044	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	93
PID 1468 wrote to memory of 2044	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	93
PID 1468 wrote to memory of 2044	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	93
PID 2464 wrote to memory of 4532	2464	Unicorn-60282.exe	92
PID 2464 wrote to memory of 4532	2464	Unicorn-60282.exe	92
PID 2464 wrote to memory of 4532	2464	Unicorn-60282.exe	92
PID 2044 wrote to memory of 848	2044	Unicorn-14132.exe	97
PID 2044 wrote to memory of 848	2044	Unicorn-14132.exe	97
PID 2044 wrote to memory of 848	2044	Unicorn-14132.exe	97
PID 1468 wrote to memory of 3488	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	98
PID 1468 wrote to memory of 3488	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	98
PID 1468 wrote to memory of 3488	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	98
PID 2464 wrote to memory of 4772	2464	Unicorn-60282.exe	99
PID 2464 wrote to memory of 4772	2464	Unicorn-60282.exe	99
PID 2464 wrote to memory of 4772	2464	Unicorn-60282.exe	99
PID 4532 wrote to memory of 3276	4532	Unicorn-33998.exe	100
PID 4532 wrote to memory of 3276	4532	Unicorn-33998.exe	100
PID 4532 wrote to memory of 3276	4532	Unicorn-33998.exe	100
PID 848 wrote to memory of 1324	848	Unicorn-45586.exe	101
PID 848 wrote to memory of 1324	848	Unicorn-45586.exe	101
PID 848 wrote to memory of 1324	848	Unicorn-45586.exe	101
PID 2044 wrote to memory of 3520	2044	Unicorn-14132.exe	102
PID 2044 wrote to memory of 3520	2044	Unicorn-14132.exe	102
PID 2044 wrote to memory of 3520	2044	Unicorn-14132.exe	102
PID 4772 wrote to memory of 2512	4772	Unicorn-58585.exe	105
PID 4772 wrote to memory of 2512	4772	Unicorn-58585.exe	105
PID 4772 wrote to memory of 2512	4772	Unicorn-58585.exe	105
PID 2464 wrote to memory of 1984	2464	Unicorn-60282.exe	104
PID 2464 wrote to memory of 1984	2464	Unicorn-60282.exe	104
PID 2464 wrote to memory of 1984	2464	Unicorn-60282.exe	104
PID 3276 wrote to memory of 1696	3276	Unicorn-12913.exe	103
PID 3276 wrote to memory of 1696	3276	Unicorn-12913.exe	103
PID 3276 wrote to memory of 1696	3276	Unicorn-12913.exe	103
PID 3488 wrote to memory of 4472	3488	Unicorn-47624.exe	108
PID 3488 wrote to memory of 4472	3488	Unicorn-47624.exe	108
PID 3488 wrote to memory of 4472	3488	Unicorn-47624.exe	108
PID 4532 wrote to memory of 684	4532	Unicorn-33998.exe	106
PID 4532 wrote to memory of 684	4532	Unicorn-33998.exe	106
PID 4532 wrote to memory of 684	4532	Unicorn-33998.exe	106
PID 1468 wrote to memory of 1236	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	107
PID 1468 wrote to memory of 1236	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	107
PID 1468 wrote to memory of 1236	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	107
PID 3520 wrote to memory of 3476	3520	Unicorn-11304.exe	109
PID 3520 wrote to memory of 3476	3520	Unicorn-11304.exe	109
PID 3520 wrote to memory of 3476	3520	Unicorn-11304.exe	109
PID 1324 wrote to memory of 4920	1324	Unicorn-23002.exe	110
PID 1324 wrote to memory of 4920	1324	Unicorn-23002.exe	110
PID 1324 wrote to memory of 4920	1324	Unicorn-23002.exe	110
PID 848 wrote to memory of 4420	848	Unicorn-45586.exe	111
PID 848 wrote to memory of 4420	848	Unicorn-45586.exe	111
PID 848 wrote to memory of 4420	848	Unicorn-45586.exe	111
PID 2044 wrote to memory of 4844	2044	Unicorn-14132.exe	112
PID 2044 wrote to memory of 4844	2044	Unicorn-14132.exe	112
PID 2044 wrote to memory of 4844	2044	Unicorn-14132.exe	112
PID 1236 wrote to memory of 2540	1236	Unicorn-63385.exe	113
PID 1236 wrote to memory of 2540	1236	Unicorn-63385.exe	113
PID 1236 wrote to memory of 2540	1236	Unicorn-63385.exe	113
PID 1468 wrote to memory of 3316	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	114
PID 1468 wrote to memory of 3316	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	114
PID 1468 wrote to memory of 3316	1468	03974533cefebeaf425e4f9d2b76b8a0N.exe	114
PID 684 wrote to memory of 524	684	Unicorn-43785.exe	115

C:\Users\Admin\AppData\Local\Temp\03974533cefebeaf425e4f9d2b76b8a0N.exe
"C:\Users\Admin\AppData\Local\Temp\03974533cefebeaf425e4f9d2b76b8a0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43526.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61258.exe
        8⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14281.exe
        9⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        10⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        10⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
        10⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        9⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        9⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
        8⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        8⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        8⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
        8⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        7⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45496.exe
        7⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        9⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        8⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        8⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        8⤵
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59568.exe
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        7⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        7⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        7⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        8⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe
        8⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        7⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        7⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        7⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22891.exe
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23923.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe
        8⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
        9⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        9⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        8⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        8⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        8⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        8⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
        8⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        7⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        7⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
        7⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        7⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34333.exe
        6⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        7⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        7⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        6⤵
        
        PID:14780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        6⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58570.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        8⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        8⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        8⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        7⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12044.exe
        6⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51718.exe
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        7⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        7⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        6⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27477.exe
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        7⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
        6⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        7⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21726.exe
        6⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        6⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38696.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        5⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
        5⤵
        
        PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14221.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
        8⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
        9⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        9⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
        8⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
        8⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        8⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42154.exe
        8⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
        8⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        7⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        7⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7488.exe
        7⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        7⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        6⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        6⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        7⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        7⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        6⤵
        
        PID:14312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
        6⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        6⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        5⤵
        
        PID:13668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17867.exe
        5⤵
        
        PID:9964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25143.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17027.exe
        5⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33928.exe
        7⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
        7⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        6⤵
        
        PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        5⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35706.exe
        6⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34204.exe
        5⤵
        
        PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18558.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        7⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        6⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
        6⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8919.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21572.exe
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        5⤵
        
        PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14419.exe
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58194.exe
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        6⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
        5⤵
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
      4⤵
      PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35204.exe
        5⤵
        
        PID:16492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
      4⤵
      PID:10692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
      4⤵
      PID:14836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
      4⤵
      PID:9248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
        9⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        9⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe
        9⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        8⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
        9⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        8⤵
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        8⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
        8⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        8⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        7⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        7⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        6⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14207.exe
        8⤵
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17244.exe
        7⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        7⤵
        
        PID:16052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26171.exe
        6⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        6⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        7⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        8⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
        8⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        7⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        7⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59568.exe
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        6⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        6⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
        7⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        7⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        7⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54591.exe
        6⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        5⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        5⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        7⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        8⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        8⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        8⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        7⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        7⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        7⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        7⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        7⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        6⤵
        
        PID:10852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        6⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        6⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47654.exe
        6⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52116.exe
        5⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        5⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50292.exe
        5⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        5⤵
        
        PID:16168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20623.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43002.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        6⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        7⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        7⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        7⤵
        
        PID:17344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        6⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        5⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        6⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        5⤵
        
        PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        5⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        6⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe
        5⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        5⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        5⤵
        
        PID:15628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
      4⤵
      PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23965.exe
      4⤵
      PID:5716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        6⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        8⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        7⤵
        
        PID:17384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
        6⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30714.exe
        7⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        6⤵
        
        PID:17352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
        5⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28256.exe
        7⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40980.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26586.exe
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        6⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        5⤵
        
        PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43550.exe
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        6⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55550.exe
        6⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
        5⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        5⤵
        
        PID:228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13522.exe
        6⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52942.exe
        5⤵
        
        PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
      4⤵
      PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
      4⤵
      PID:11456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29826.exe
      4⤵
      PID:15248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
      4⤵
      PID:7504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
        5⤵
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20088.exe
        7⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        7⤵
        
        PID:17376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        6⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37980.exe
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
        6⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        5⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
        5⤵
        
        PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        6⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51658.exe
        6⤵
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        5⤵
        
        PID:11184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        5⤵
        
        PID:9924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
      4⤵
      PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
        5⤵
        
        PID:15472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        5⤵
        
        PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
      4⤵
      PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
      4⤵
      PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
      4⤵
      PID:7648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46604.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        6⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        6⤵
        
        PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        5⤵
        
        PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
      4⤵
      PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        5⤵
        
        PID:14084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 632
        5⤵
        Program crash
        
        PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
      4⤵
      PID:10196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
      4⤵
      PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
      4⤵
      PID:8816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
    3⤵
    PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        5⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
      4⤵
      PID:9156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
      4⤵
      PID:13264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
      4⤵
      PID:7944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
      4⤵
      PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
      4⤵
      PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
      4⤵
      PID:872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
    3⤵
    PID:7948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42290.exe
    3⤵
    PID:8284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
        9⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        10⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        10⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        10⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        9⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        9⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        9⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
        8⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
        9⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe
        8⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24749.exe
        8⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16569.exe
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
        7⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
        8⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        8⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
        7⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        7⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        9⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        9⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        9⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        8⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        8⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        7⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        7⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        7⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
        6⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe
        8⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        7⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
        7⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34863.exe
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        6⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
        6⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62986.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23602.exe
        8⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
        8⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        7⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        6⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17642.exe
        7⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        6⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64958.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
        8⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
        7⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        7⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
        6⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        6⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
        7⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13072.exe
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        6⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        6⤵
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
        5⤵
        
        PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
        6⤵
        Executes dropped EXE
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38874.exe
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5132.exe
        7⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        8⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37368.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62273.exe
        7⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        7⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48210.exe
        8⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
        8⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        8⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45536.exe
        7⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        7⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        7⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        6⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8010.exe
        6⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        6⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
        7⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        7⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        6⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
        6⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        6⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
        5⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
        5⤵
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        7⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        7⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        6⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
        5⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        6⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
        6⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53735.exe
        6⤵
        
        PID:17764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        5⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        5⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
        5⤵
        
        PID:17212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
      4⤵
      PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41606.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35204.exe
        7⤵
        
        PID:16468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        6⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        5⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        5⤵
        
        PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        5⤵
        
        PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
      4⤵
      PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53513.exe
      4⤵
      PID:9952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        9⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        9⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        9⤵
        
        PID:17392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        8⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe
        8⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        8⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        7⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        7⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        7⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30277.exe
        7⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
        6⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35860.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19074.exe
        6⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        7⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        7⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31561.exe
        7⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        6⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
        6⤵
        
        PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        5⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        6⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        7⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
        6⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        6⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        5⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
        5⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        5⤵
        
        PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
      4⤵
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
        6⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        6⤵
        
        PID:16200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        6⤵
        
        PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        5⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        6⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23453.exe
        6⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        5⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
        5⤵
        
        PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12368.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        5⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        5⤵
        
        PID:9584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
      4⤵
      PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
      4⤵
      PID:7096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        5⤵
        Executes dropped EXE
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        6⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35204.exe
        8⤵
        
        PID:16500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        7⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        7⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        7⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        6⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9547.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
        6⤵
        
        PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        7⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
        6⤵
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        6⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
        5⤵
        
        PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22988.exe
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        5⤵
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44302.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        6⤵
        
        PID:15684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41379.exe
        6⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe
        5⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        5⤵
        
        PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
        5⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
        5⤵
        
        PID:17168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16512.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34863.exe
      4⤵
      PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
      4⤵
      PID:5704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5492.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7869.exe
      4⤵
      PID:740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        6⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
        6⤵
        
        PID:15512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        6⤵
        
        PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10279.exe
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
        5⤵
        
        PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        5⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        5⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        5⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        5⤵
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
      4⤵
      PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
      4⤵
      PID:11588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
      4⤵
      PID:3196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
    3⤵
    PID:644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        5⤵
        
        PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
      4⤵
      PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
      4⤵
      PID:13812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19501.exe
      4⤵
      PID:1672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
    3⤵
    PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
      4⤵
      PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
      4⤵
      PID:11300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
    3⤵
    PID:9860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
    3⤵
    PID:13648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
    3⤵
    PID:5308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:8
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        6⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        7⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        7⤵
        
        PID:15744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57331.exe
        7⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        6⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
        6⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe
        6⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        7⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        7⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
        6⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        6⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        5⤵
        
        PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        6⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        6⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        5⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31561.exe
        5⤵
        
        PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64294.exe
        5⤵
        
        PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
      4⤵
      PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42220.exe
        5⤵
        
        PID:14788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52788.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1660.exe
      4⤵
      PID:14788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14788 -s 276
        5⤵
        Program crash
        
        PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45496.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
        7⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        8⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55411.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        7⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
        7⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        6⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        6⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64294.exe
        6⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
        5⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        5⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41222.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        7⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29496.exe
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        6⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54141.exe
        5⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8779.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        5⤵
        
        PID:15784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40594.exe
        5⤵
        
        PID:10740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27883.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
        5⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        5⤵
        
        PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe
      4⤵
      PID:4084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 244
        5⤵
        Program crash
        
        PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
      4⤵
      PID:15980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36000.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3401.exe
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        6⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25500.exe
        5⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
      4⤵
      PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
      4⤵
      PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
      4⤵
      PID:7800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
    3⤵
    PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61834.exe
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        5⤵
        
        PID:9840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
      4⤵
      PID:8568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
      4⤵
      PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
      4⤵
      PID:7676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe
    3⤵
    PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
      4⤵
      PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        5⤵
        
        PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45640.exe
      4⤵
      PID:13296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
    3⤵
    PID:8520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe
    3⤵
    PID:12980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
    3⤵
    PID:1584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        6⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23891.exe
        5⤵
        
        PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        5⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        5⤵
        
        PID:9588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
      4⤵
      PID:9708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
      4⤵
      PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
      4⤵
      PID:7572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
    3⤵
    PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
      4⤵
      PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        5⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        5⤵
        
        PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
      4⤵
      PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23891.exe
      4⤵
      PID:15536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33181.exe
    3⤵
    PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
      4⤵
      PID:10576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
      4⤵
      PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
      4⤵
      PID:6224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
    3⤵
    PID:10024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
    3⤵
    PID:12564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45496.exe
    3⤵
    PID:8500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe
        6⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25500.exe
        5⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        5⤵
        
        PID:15644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
      4⤵
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
      4⤵
      PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
      4⤵
      PID:12976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
      4⤵
      PID:7632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
    3⤵
    PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
        5⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51749.exe
        5⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30277.exe
        5⤵
        
        PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
      4⤵
      PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4991.exe
      4⤵
      PID:13056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
      4⤵
      PID:17232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25971.exe
    3⤵
    PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
      4⤵
      PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
      4⤵
      PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
      4⤵
      PID:8076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
    3⤵
    PID:9732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
    3⤵
    PID:13292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
    3⤵
    PID:7788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
    3⤵
    PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
      4⤵
      PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
      4⤵
      PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe
      4⤵
      PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
    3⤵
    PID:8096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35641.exe
    3⤵
    PID:11424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
    3⤵
    PID:15260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
    3⤵
    PID:6712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
  2⤵
  PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
    3⤵
    PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
      4⤵
      PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
      4⤵
      PID:14412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
      4⤵
      PID:9896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
    3⤵
    PID:11540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
    3⤵
    PID:15500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32713.exe
    3⤵
    PID:7580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
    3⤵
    PID:7144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
  2⤵
  PID:11432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
  2⤵
  PID:15216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
  2⤵
  PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4084 -ip 4084
1⤵
PID:10152

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:16372

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6968 -ip 6968
1⤵
PID:12292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe

Filesize
468KB

MD5
b099240879a8b9857678939176f50220

SHA1
139967b34ee806d1e8287417f3a4d7f6e9aaa276

SHA256
de910eb86186d639046e931a8da857219e3621765b34726871d58dba5c88ea1b

SHA512
b923e939da64ebb2b29d2824d759e718cfd8427b6d248414b2603d13878c13b9dec1165f39f770e0c59a40b9e4afc70397c746f3c2c911ea20736d132f3ad0e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe

Filesize
468KB

MD5
6dd73c3656976839e0d32804977dc90f

SHA1
1c5c88b306b0b609eabc8f7beb8d62c5010823d9

SHA256
d3baa353f3d6c6898e4a34e4dbe8254f0369f76f1355de857cc1620f9afdd4e1

SHA512
7a707174437bbab25eb34e70cf0879f63c5ded95984bf486e4f70b88a745c285dc771b793f66ed0e8bb032fab960d0b129fedafc2a34954ff1c1fd4e2007eb52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe

Filesize
468KB

MD5
6da8a1dd443753ac2f4bb84bbadd30cf

SHA1
86694ea7128ab469359e18dce4dba6a118551a89

SHA256
d411cd7b857512b662d1d8df0b0fd9c4e4924f581eb46c0a60f089ef764ad4e2

SHA512
73b87f2b0ee20171aeffa25d20bc993df219c03abe3c12a65477e52a75fed45598f4dcefccd2c0e918b630be9292632d2998bd2300b9317ac9a6e0a5cb6ccf93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe

Filesize
468KB

MD5
fe1d0b8031c5dfcb4b59d042ba5d9bd9

SHA1
9e913a25d988b15871b1ebd99fc6d828dc9aadf6

SHA256
357942d63ff4dcb78c8141724723e09ca63e44524828e781f02bfd92ec2ae1b8

SHA512
f90dc4ae85eb862f23b80b07a9c811d6e8459ca9698a0f3b7a6fd0dcf7a4445a7cc6fe62e6dd0ba4c5512fd5989fad01ca3b2bd3e2bdec31baf1404f385bb00a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe

Filesize
468KB

MD5
29f8f647362c83b3dbd0d72d97f0cc6a

SHA1
442668420930000ea3a5fc2a2a57fbbdddd90293

SHA256
0902b6ecd63ecdb976b8ac584a44ea4a43f4b57b769654ed9965a6459e2bc980

SHA512
751518e1e1541412f7d5df941e0e14db2f28e062762068788dc94bad505cc4e6758555b3849b18eec084aef1853b56910b6a2d749ed06f3503258f6ac5a43961

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe

Filesize
468KB

MD5
d559a581e1f5623a0437511e11664ee7

SHA1
afc67da6ee9f8ad194e02297d2c583a56d1dc961

SHA256
0a45d42d5550dc9e844eb072e3d544ca709db7778600d86ec91f54dd46131a12

SHA512
fdbaf4706e35433137cc1e13220456eec12e09fd2fbfcb70bcb6ef6c6cb5ad98081c736640a2f06a28ab829eff9f55bf6d94439756778a721445940e1a02212d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25143.exe

Filesize
468KB

MD5
701b3b325b91f95eeeaa28a4100dafa3

SHA1
c79e1dcf83afd6f7ca82512c083567a66cb73761

SHA256
47fb388f65d89048cd6343f3c256e98685318c58eb478e7e7dfffa7052a6fdbe

SHA512
93244577c55e8f2fcf032ee885d0653ea782f84b53de80cb7c2e8a8dbbe910d682690219c2d488898147cb9cee42e9f31ba9d550235802a8c21fee7510e128d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe

Filesize
468KB

MD5
5d7032aab154e17c523ac05c82102769

SHA1
dc7888346825fe854709da1625fb3328c32a8fb6

SHA256
4037235ff135d96087a62e914fb7d7faa67ba25a5c4b5bc13ed1aa23ec69a2e3

SHA512
346d9edd2e4477da6b4712d23b253db6319040f3811b3724df5f544152bc13afefdfefe692af3b9a4fbe74bb8216e155f45e3ebe3c93e9417665931f52813d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe

Filesize
468KB

MD5
1325dfdee9dc5260864c2a026a71d761

SHA1
4847eb18dc6305bb4eacd996e9da1325cf1024a3

SHA256
027fd90f5855fc98ff49ba4d1de265b6635e3e9692845cbe37d2e95a2b6e7c5a

SHA512
d414f9b0f01aae41d2f29590b4e75ccd9c2c74132b4674d6d3fb4c7911fe74c14c47f9d539198fb2e4368598fd8e7045ea265e6aa65052703686ab9f36856b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe

Filesize
468KB

MD5
0b68cbab33213e148ef8a6832dce08f0

SHA1
588e23c5136cb486ee2daa2b6b0be7e8a0363b63

SHA256
08997f185b6f7dab1b95e80f1bf11e41c9bc8065b7f4215b62a052ecc7d9d9ed

SHA512
625f174a865a410c54873d4fa58b637e7af3cc89560c07f4d279b29b848c3efcdb17e1cb12a19803d322e8eccadbdad96467b1fcbceaa82e93f49de55e6b708c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe

Filesize
468KB

MD5
814c73da4d042b477241a1c06223eebe

SHA1
ea8f349c86c2f84ef7aa869b9c1d5da63423d4f1

SHA256
b2f36a6abf396f5d9fb3c8310e60fb843518393f44337fbc1bee5c7d6755437e

SHA512
0a56f26875423658a9f414d87bc1faa9c196b198a9d8c9e04165c9054358d9dcf796566c5e8475b067d4c3f4800a2c56031dab1ae4c01dff7bd697b02af87628

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe

Filesize
468KB

MD5
cdf7028236037107c23a9f5616bfe3af

SHA1
ec9cb6e30bc1d02b834d2bc62e58c49aaedc0d3f

SHA256
1531f49b51277d3cb7d5f99dff01c714be56413e360bc43c508f413b379ff183

SHA512
f081817081fb1b7741c0375841e59cf480dc36eb9bf9cbdeaf8e7a9f82ce0bd440778d9d5a633f2af1281df69993c6bcf18b320791bcaff99d5b216594294820

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe

Filesize
468KB

MD5
02fc1302bd795355666e1e081a573c90

SHA1
4cf115b6fe09758ce25cca565a57d90469539735

SHA256
960b3277c2322d3a19fa5e294f1dc1a27b7ba8cb6f7a49f02f7474cbb019e46c

SHA512
9c530f8e6751f15e4f895c7ecf4a345ae9e15b3b5d6b76dfc83695616fdcdce189ac0d5588330105ffe45141aa9e64662868c4146e3b15f82d88979a602461cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe

Filesize
468KB

MD5
3af17fb4ce1f9c07edbda26666f5c514

SHA1
45fe0f038cbfeef00a096429b270d4c4cbe1cd28

SHA256
8f9afc42baf814e8c715ce94c8874f19a7c89c4d1fb1d5e124ea6dda48f3dbe6

SHA512
9cffcc0156ec99a5fdf854ed705332f44e0916d8d7d6c7d51cc65c03a3d8c3d4421ff2428fb88231e29560704d36030af436c08fa5c946b61724c655c73f91c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe

Filesize
468KB

MD5
d5bd1036446212a94eef7bb888b73bab

SHA1
d99e0375c6c5dcb8cf60df3dbef8d43cb090eec8

SHA256
e47c7dd2c0c18adf86b9df2e718846cc6d2eccbfa417d27f0ebbb10ccc554020

SHA512
ad14cf749fbbca92eb5f2085dc6c75cacff91d40b566f67284dfa91fbef948edcccf9094b3ae93df536fc5b1f6d40a597ad039dac05016f0516854f29d1f6b7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe

Filesize
468KB

MD5
ff43cfbad23138c25906204372a18dae

SHA1
4e5a659ccf7a7f53a56e99a550d1ca30783cea64

SHA256
488864c9efded72dcce8c40f2d0650bf7964ca5780c6adf6049f0bcde84df6f7

SHA512
0510a3c9f20d1f1cf8e97e816d621ae4a50f8170daadae24c015dce62e9f0f071538396741c40b6a7b3185aee58e8fcff020ccab9797153790f48bdf32dc2624

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe

Filesize
468KB

MD5
07b309a227c949fe5c35f439dbaff1db

SHA1
0f543b7c6eb93065fec11ebc1863dfba11013ac5

SHA256
0f12afbe4e0da14ea81b5610d3240c4cfe3a9dda7369e565a3c028198265d2eb

SHA512
d001beb786fe33fb12b3ea512242f018a8e50ea98e24715dc5d4ce4b2942df713bd55aa9baea97d17cf363099d3e64772fed8482eb69baae8b05c4b7d26a068d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe

Filesize
468KB

MD5
d2a1c473879e0270fcf528c48bf337fd

SHA1
105d1e15a2dba9c985a267c3181d7503712dd6b5

SHA256
0f5e93cd0a92d7d23b1d7b7242a278b2ef5dd5171eb8db0abf75af611273f861

SHA512
d4fb6df3da27412bb6390e2d756e0fcfaa73962a7baa62900c01c15563b581462596dbc01ee69016ef1ee5c13c113bb447f32cae0b40d3c505794d78b32b7531

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe

Filesize
468KB

MD5
6aedfc7fa04b19923383be9b49f5d72d

SHA1
87d023ec032ec00f58e0cc9feb242196a3bff3ce

SHA256
a626f5ec25888894452f941386027496a2c62538497ac4efcd278f4ec6ffdd9d

SHA512
5ef01211bdcb8bc0952252e2414b67f41522625ec7e525103304d71df9d5bac996b8a741e0a50f522ef7a5c6482492ddab1232a8808e34a05879bc0574f2cee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43526.exe

Filesize
468KB

MD5
1288370b66ae5fc924b740ba31b01751

SHA1
a6707a1c20c30c9e03ca30f610201ddfd5a40f4d

SHA256
86b190ab5a7fa17c75b4dbc1b654377272a122ed7b19feba92fe76da68922232

SHA512
3649db205e747f4777cf4635e7456f47cb372413907937eb658ca0951786a32c98b3617384f868a96316789c3e1f71567f42bb164e7a53c47692ae5a68c2192e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe

Filesize
468KB

MD5
8d84c5bd218070afcdb4d9ce8d9fbd72

SHA1
1ef4a61dd77c42876a3ce82528a0c4e1ea13172e

SHA256
6bf82e5612b331cee9f3003b82c7d8d593a52796a6f54cea04aa1bfbbf639b7c

SHA512
7170e6deaa679d97a4003cd238226960a3de5c37d33386d1c640655ea9c7e6ca8d412b032e44435aa84ea06b72ddea23cce6f44d7e394bfcfd1378387926f12e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe

Filesize
468KB

MD5
86411597740dacf4db3dcd6cb3661810

SHA1
83ab77387be124f2d0ed244a3a32edf6afb7e884

SHA256
81267e7f1f9da6749077a2adf4849cf81f4160722ab288504d840c09eb2d2277

SHA512
9863694a72e72d656400785181251de828ca113b2186822d5f104161e120eeec69b2efee657496fab77cf9fdbba31b9961647e50408aa88114578949903e2150

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe

Filesize
468KB

MD5
3272f3a00ede66486c03625d97507c41

SHA1
9adbf477950c74c0f98004d9518dcd931c9b0201

SHA256
29ed1f118dd2f2240ac0261976082c7b6d86a23d7696848c6e8a22165cfb13c6

SHA512
1253555165b89655ba16afa18e2f2a7174c3d3b891bc49429a72ba115bc14febf9871ef817be20cf5d049920de69503b9ad96d01241eea6335c83d624a59bd63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe

Filesize
468KB

MD5
97acfdea7b5449ff07ff8219cd1244e0

SHA1
3b25ad204fee20776a985fc81596af00917c885c

SHA256
5b9b1452f92e2adf84b71d9542757d43296ac99a08c017cb4a8ebc0c25d2d68f

SHA512
4e7fcd5ecee8257efd3aa531b2f9553fc4d1e18c3bf33733abcd1aa9c99f99e8b10faf549313591e00bdb5d80dd762837ecebb91e3b9f6c5b0d4175b4df78307

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe

Filesize
468KB

MD5
148c7cc6d092190a6305a4f2c6afdd55

SHA1
50faf5658a989ec604b06abd3111d7df3f5b1d99

SHA256
71e877cd7d0585d7a2bea10274ae162192934d9f3062e739007d036a19a27584

SHA512
1517ad8800d77044118580ecc23e09797488b1b39f7d2f56086477e8b243bb4672acc13ff90e86ff9a0a7339fdb3ff58d0c20d4bdb1a403d11c6975731a9ec27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe

Filesize
468KB

MD5
776b88317adfc3faec93d102e3075d0b

SHA1
5eae010e9dbec906d148191d914145f102952cba

SHA256
b0db06767a84177e6f844ac1815344ba9f36c453f749ba2e9c8a2e650bfc23d8

SHA512
ee9df097e3076d7a7680d56abf8e4888555c6dd491154bde4b397e4ab6c9e600512981533136d8b7d693e1bb4be8554bbca2d7c110823e25e2c2b35740a7d236

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe

Filesize
468KB

MD5
84f5ca51c1b48791980ae80e7f7900e1

SHA1
3af3d185d8a4102273b59dfeff86badc099714db

SHA256
37552e7428efaeb20ac8bed1bb1bc96a5c9c784e5f53845f697c64d6247e31e7

SHA512
2bea15ae0df457f0e852cd74d68668f503fe8a069b335bbcf53adf87c2abc585199f5363faa93f283d3a6cff7b095a36e748f094f4732a9de9f3d4f3fc172af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe

Filesize
468KB

MD5
1da17288df97ce86eeab6e5c747e294b

SHA1
8042cc565dbdf2b1d7141993b9a986f4c9daa434

SHA256
e4e5153669259cccce8b19eb867d405639818182cdc7c619e274f88dcd1c90a5

SHA512
3b6fbdf1a1b14ce5a053f530cd21e29732d9d9b2fcc7123a26c2b617ed00ed02b2b69793388edcb95df6fe17140fb1ce11bc4258c6c8633dc58e9ef9a2e0b677

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe

Filesize
468KB

MD5
73cb8fbeface43e35f4b6f99a36f19b9

SHA1
4ea2058cf70e4e5736c71d6a2a29c925b7504f30

SHA256
9107149e4b9bd87df03df1f28e5cda7e7f372c70486df364fc6dc5e166ff3d84

SHA512
63b0e21c7f63773fb5289ac04e1377e9e4da0aa80668191d27f6d5a9d4627e7341bcdea6a122682c44c1d99a21388eebad411375e3592643943e1bf47b848ad9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe

Filesize
468KB

MD5
344b8dd631c813deb6ededb0c4443e2b

SHA1
d6e937dc24fdcc9a95d050670ba6cbb849f8dce0

SHA256
88aa9f050f02543c63bd4deed438f56bb14cdaa3fcf0157226272c639f52f406

SHA512
9b09749073dd58f7488d0999b098dfe336b8adb792e99bbd368d435be5893858dd81deeacc75c6591058c1d57ebc74afad9c94ee64e58141f96e6952f16d1122

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe

Filesize
468KB

MD5
56ca7673dc8bfff3fc2baf4015296759

SHA1
22b2bd75e26ca562e48417a63cae81c3770dfa56

SHA256
e143b19b671ddca66ee775f87ba7beeab83661de6ccb8bccac5fe92ae24e4425

SHA512
8b1f973206c4e012489794d0fd5e4e5cf33f5b1882b1330319bccc7f0856cd6254b63063233d3827fda70e0e07d4ddc7dc671dcd6aa6accb7aec128cb5f55e4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe

Filesize
468KB

MD5
7820cab211952dd0f58013533945a698

SHA1
bb1ccbfebeda874d549a29aa9e2d6d9e3329cc42

SHA256
6a9e73333b5209a52cad3a8cbc31f94f46688a38b33b1ec234b80f1fc8b3daf7

SHA512
99fc87a4ec96822b2beb08a2ecfde36c214e80550f22874e263101714866a8a139d152e8274869d4fbea432fa0346ebaba7c1d72ee0ee3736739ef194dc169b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe

Filesize
468KB

MD5
891aeda8c299e46ba068fe731905ceaa

SHA1
892de32ffc2469b97aed9ac89f8afca6c69a8861

SHA256
1e4232bc1894ba54358d10708d743e0e68dd2385a0b74a45afc47c7b5b4c9c8c

SHA512
1c4ec35f5f91de95ca814e2e9e3620a91145ece8eb6b7ae44fef5b27fc29403697ae1399bc47591c3a77ff74f90545a1627cc145d918a9fb97de3fee54816952

Download Submit
memory/8-206-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/116-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/184-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/216-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/524-159-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/544-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/644-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/684-101-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/740-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/824-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/848-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1236-102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1324-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1424-214-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1468-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1548-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1692-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1696-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1776-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1784-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1888-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1948-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1984-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2044-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2352-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2444-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2464-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2516-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2540-144-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2660-207-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2684-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2724-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2768-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2872-423-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3112-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3208-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3236-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3240-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3248-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3276-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3316-158-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3336-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3428-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3476-108-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3488-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3520-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3768-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3820-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3900-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3956-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4000-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4040-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4108-270-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4244-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4320-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4472-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4532-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4648-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4652-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4676-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4772-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4844-129-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4876-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4920-113-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4924-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5124-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5140-436-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5160-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5224-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5288-472-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5388-481-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5400-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5408-480-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5428-474-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5440-475-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5472-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5548-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5572-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5624-478-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5740-497-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5756-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5796-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5856-511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5868-512-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5888-513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5980-565-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6036-566-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6048-567-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6060-568-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6068-569-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/9872-1466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/9872-1465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16016-2488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16212-2494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads