19ed6bba2189a7d6dc70c2dc223bdf5c748fda5b2f3a7a6c1ef686cc5f3f2aa6

Analysis

max time kernel
118s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c53ee7101f46528e3adda23490503720N.exe
Size

468KB
MD5

c53ee7101f46528e3adda23490503720
SHA1

d5ae561fd223ce2bb59f22b45a74508d519690f3
SHA256

19ed6bba2189a7d6dc70c2dc223bdf5c748fda5b2f3a7a6c1ef686cc5f3f2aa6
SHA512

894beb998c4738f19e3a08b9d646572571ffea53d7bf70de44df70aaab8fc4c791570cbfdba00895b5acb8b31c5d4dfbfc39d697520bc868dc8df34a7030a5f4
SSDEEP

3072:WAoCogudjx8U2bYwPz538f5EChjWIpzEmHevVpUVAM3XHM0DQlC:WANoFyU2HP138fs06cVACXM0D

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4480	Unicorn-10280.exe
2984	Unicorn-41173.exe
3432	Unicorn-58448.exe
800	Unicorn-44593.exe
2260	Unicorn-44593.exe
1812	Unicorn-1898.exe
3268	Unicorn-53700.exe
2520	Unicorn-14032.exe
2532	Unicorn-42621.exe
552	Unicorn-22755.exe
3888	Unicorn-18671.exe
2704	Unicorn-38537.exe
4844	Unicorn-16070.exe
4376	Unicorn-46440.exe
4040	Unicorn-49720.exe
2788	Unicorn-13368.exe
2404	Unicorn-50296.exe
1460	Unicorn-59061.exe
3944	Unicorn-42533.exe
4912	Unicorn-30281.exe
4960	Unicorn-22667.exe
4884	Unicorn-5014.exe
640	Unicorn-1884.exe
3548	Unicorn-63337.exe
2076	Unicorn-63337.exe
4548	Unicorn-57207.exe
3140	Unicorn-39387.exe
4028	Unicorn-58988.exe
4344	Unicorn-53123.exe
4936	Unicorn-1182.exe
1752	Unicorn-3228.exe
3500	Unicorn-48153.exe
4684	Unicorn-56321.exe
2368	Unicorn-25494.exe
2592	Unicorn-15843.exe
3576	Unicorn-488.exe
4988	Unicorn-9211.exe
4892	Unicorn-21833.exe
1432	Unicorn-2159.exe
3740	Unicorn-37977.exe
768	Unicorn-25533.exe
4564	Unicorn-17365.exe
2760	Unicorn-54505.exe
1384	Unicorn-54505.exe
1188	Unicorn-34639.exe
748	Unicorn-36123.exe
2016	Unicorn-63633.exe
1996	Unicorn-43213.exe
4484	Unicorn-63633.exe
2628	Unicorn-26685.exe
4852	Unicorn-43213.exe
3632	Unicorn-2735.exe
4140	Unicorn-2735.exe
4260	Unicorn-6819.exe
4276	Unicorn-26877.exe
4056	Unicorn-58403.exe
2624	Unicorn-10519.exe
4404	Unicorn-24254.exe
1684	Unicorn-63441.exe
3084	Unicorn-31323.exe
1620	Unicorn-40975.exe
1356	Unicorn-59720.exe
2440	Unicorn-13783.exe
4476	Unicorn-1988.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
6784	5264	WerFault.exe	177
5240	5272	WerFault.exe	178

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18711.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16076	dwm.exe
Token: SeChangeNotifyPrivilege	16076	dwm.exe
Token: 33	16076	dwm.exe
Token: SeIncBasePriorityPrivilege	16076	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3148	c53ee7101f46528e3adda23490503720N.exe
4480	Unicorn-10280.exe
2984	Unicorn-41173.exe
3432	Unicorn-58448.exe
800	Unicorn-44593.exe
2260	Unicorn-44593.exe
3268	Unicorn-53700.exe
1812	Unicorn-1898.exe
2520	Unicorn-14032.exe
2532	Unicorn-42621.exe
3888	Unicorn-18671.exe
552	Unicorn-22755.exe
4844	Unicorn-16070.exe
4376	Unicorn-46440.exe
2704	Unicorn-38537.exe
4040	Unicorn-49720.exe
2788	Unicorn-13368.exe
2404	Unicorn-50296.exe
1460	Unicorn-59061.exe
4912	Unicorn-30281.exe
3944	Unicorn-42533.exe
4884	Unicorn-5014.exe
640	Unicorn-1884.exe
2076	Unicorn-63337.exe
3140	Unicorn-39387.exe
4028	Unicorn-58988.exe
3548	Unicorn-63337.exe
4960	Unicorn-22667.exe
4548	Unicorn-57207.exe
4344	Unicorn-53123.exe
1752	Unicorn-3228.exe
4936	Unicorn-1182.exe
3500	Unicorn-48153.exe
2592	Unicorn-15843.exe
4684	Unicorn-56321.exe
2368	Unicorn-25494.exe
3576	Unicorn-488.exe
4988	Unicorn-9211.exe
4892	Unicorn-21833.exe
1432	Unicorn-2159.exe
3740	Unicorn-37977.exe
768	Unicorn-25533.exe
4564	Unicorn-17365.exe
1188	Unicorn-34639.exe
1384	Unicorn-54505.exe
2760	Unicorn-54505.exe
748	Unicorn-36123.exe
2016	Unicorn-63633.exe
4852	Unicorn-43213.exe
1996	Unicorn-43213.exe
3632	Unicorn-2735.exe
2628	Unicorn-26685.exe
4140	Unicorn-2735.exe
4484	Unicorn-63633.exe
4260	Unicorn-6819.exe
2624	Unicorn-10519.exe
4056	Unicorn-58403.exe
4404	Unicorn-24254.exe
1684	Unicorn-63441.exe
4620	Unicorn-54120.exe
3808	Unicorn-13783.exe
3320	Unicorn-63441.exe
4992	Unicorn-50924.exe
1356	Unicorn-59720.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 4480	3148	c53ee7101f46528e3adda23490503720N.exe	89
PID 3148 wrote to memory of 4480	3148	c53ee7101f46528e3adda23490503720N.exe	89
PID 3148 wrote to memory of 4480	3148	c53ee7101f46528e3adda23490503720N.exe	89
PID 4480 wrote to memory of 2984	4480	Unicorn-10280.exe	91
PID 4480 wrote to memory of 2984	4480	Unicorn-10280.exe	91
PID 4480 wrote to memory of 2984	4480	Unicorn-10280.exe	91
PID 3148 wrote to memory of 3432	3148	c53ee7101f46528e3adda23490503720N.exe	92
PID 3148 wrote to memory of 3432	3148	c53ee7101f46528e3adda23490503720N.exe	92
PID 3148 wrote to memory of 3432	3148	c53ee7101f46528e3adda23490503720N.exe	92
PID 3432 wrote to memory of 2260	3432	Unicorn-58448.exe	95
PID 3432 wrote to memory of 2260	3432	Unicorn-58448.exe	95
PID 3432 wrote to memory of 2260	3432	Unicorn-58448.exe	95
PID 2984 wrote to memory of 800	2984	Unicorn-41173.exe	96
PID 2984 wrote to memory of 800	2984	Unicorn-41173.exe	96
PID 2984 wrote to memory of 800	2984	Unicorn-41173.exe	96
PID 3148 wrote to memory of 1812	3148	c53ee7101f46528e3adda23490503720N.exe	97
PID 3148 wrote to memory of 1812	3148	c53ee7101f46528e3adda23490503720N.exe	97
PID 3148 wrote to memory of 1812	3148	c53ee7101f46528e3adda23490503720N.exe	97
PID 4480 wrote to memory of 3268	4480	Unicorn-10280.exe	98
PID 4480 wrote to memory of 3268	4480	Unicorn-10280.exe	98
PID 4480 wrote to memory of 3268	4480	Unicorn-10280.exe	98
PID 800 wrote to memory of 2520	800	Unicorn-44593.exe	99
PID 800 wrote to memory of 2520	800	Unicorn-44593.exe	99
PID 800 wrote to memory of 2520	800	Unicorn-44593.exe	99
PID 1812 wrote to memory of 2532	1812	Unicorn-1898.exe	100
PID 1812 wrote to memory of 2532	1812	Unicorn-1898.exe	100
PID 1812 wrote to memory of 2532	1812	Unicorn-1898.exe	100
PID 3268 wrote to memory of 2704	3268	Unicorn-53700.exe	102
PID 3268 wrote to memory of 2704	3268	Unicorn-53700.exe	102
PID 3268 wrote to memory of 2704	3268	Unicorn-53700.exe	102
PID 2984 wrote to memory of 552	2984	Unicorn-41173.exe	101
PID 2984 wrote to memory of 552	2984	Unicorn-41173.exe	101
PID 2984 wrote to memory of 552	2984	Unicorn-41173.exe	101
PID 3432 wrote to memory of 3888	3432	Unicorn-58448.exe	103
PID 3432 wrote to memory of 3888	3432	Unicorn-58448.exe	103
PID 3432 wrote to memory of 3888	3432	Unicorn-58448.exe	103
PID 3148 wrote to memory of 4376	3148	c53ee7101f46528e3adda23490503720N.exe	104
PID 3148 wrote to memory of 4376	3148	c53ee7101f46528e3adda23490503720N.exe	104
PID 3148 wrote to memory of 4376	3148	c53ee7101f46528e3adda23490503720N.exe	104
PID 4480 wrote to memory of 4844	4480	Unicorn-10280.exe	105
PID 4480 wrote to memory of 4844	4480	Unicorn-10280.exe	105
PID 4480 wrote to memory of 4844	4480	Unicorn-10280.exe	105
PID 2260 wrote to memory of 4040	2260	Unicorn-44593.exe	106
PID 2260 wrote to memory of 4040	2260	Unicorn-44593.exe	106
PID 2260 wrote to memory of 4040	2260	Unicorn-44593.exe	106
PID 2520 wrote to memory of 2788	2520	Unicorn-14032.exe	107
PID 2520 wrote to memory of 2788	2520	Unicorn-14032.exe	107
PID 2520 wrote to memory of 2788	2520	Unicorn-14032.exe	107
PID 800 wrote to memory of 2404	800	Unicorn-44593.exe	108
PID 800 wrote to memory of 2404	800	Unicorn-44593.exe	108
PID 800 wrote to memory of 2404	800	Unicorn-44593.exe	108
PID 2532 wrote to memory of 1460	2532	Unicorn-42621.exe	109
PID 2532 wrote to memory of 1460	2532	Unicorn-42621.exe	109
PID 2532 wrote to memory of 1460	2532	Unicorn-42621.exe	109
PID 1812 wrote to memory of 4960	1812	Unicorn-1898.exe	111
PID 1812 wrote to memory of 4960	1812	Unicorn-1898.exe	111
PID 1812 wrote to memory of 4960	1812	Unicorn-1898.exe	111
PID 4376 wrote to memory of 3944	4376	Unicorn-46440.exe	112
PID 4376 wrote to memory of 3944	4376	Unicorn-46440.exe	112
PID 4376 wrote to memory of 3944	4376	Unicorn-46440.exe	112
PID 552 wrote to memory of 4912	552	Unicorn-22755.exe	110
PID 552 wrote to memory of 4912	552	Unicorn-22755.exe	110
PID 552 wrote to memory of 4912	552	Unicorn-22755.exe	110
PID 3148 wrote to memory of 4884	3148	c53ee7101f46528e3adda23490503720N.exe	113

C:\Users\Admin\AppData\Local\Temp\c53ee7101f46528e3adda23490503720N.exe
"C:\Users\Admin\AppData\Local\Temp\c53ee7101f46528e3adda23490503720N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26877.exe
        8⤵
        Executes dropped EXE
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
        9⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        10⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        11⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        10⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48152.exe
        10⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
        9⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15600.exe
        10⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        10⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
        10⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
        10⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
        9⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        9⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        8⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        9⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15971.exe
        9⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        9⤵
        
        PID:14500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
        9⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        8⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60860.exe
        8⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        10⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        10⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
        9⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32690.exe
        9⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
        9⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        9⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
        9⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49927.exe
        8⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        8⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
        8⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11286.exe
        7⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
        8⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        7⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
        7⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        7⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        7⤵
        Executes dropped EXE
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        8⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        9⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        9⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
        9⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2839.exe
        8⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        8⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38303.exe
        8⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10999.exe
        7⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
        7⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
        6⤵
        Executes dropped EXE
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        7⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30582.exe
        7⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45932.exe
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
        7⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
        7⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12430.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        7⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52673.exe
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44142.exe
        6⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        7⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        9⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
        9⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        9⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        9⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        8⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        9⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
        9⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
        8⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        8⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        8⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        8⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-971.exe
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        7⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31323.exe
        6⤵
        Executes dropped EXE
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
        9⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        8⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6022.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43876.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        7⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        7⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
        7⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        7⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        6⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12144.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        9⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
        9⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        8⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
        8⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31769.exe
        8⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22631.exe
        7⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35703.exe
        8⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
        8⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
        8⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        7⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        7⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        7⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24603.exe
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        7⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        6⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        6⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50924.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32321.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59536.exe
        7⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        6⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
        6⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
        5⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23177.exe
        7⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
        9⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        10⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        10⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
        9⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        9⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
        8⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        8⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        8⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        8⤵
        
        PID:15928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        7⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        8⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        8⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        8⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        7⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe
        7⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        7⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11376.exe
        8⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        8⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        7⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        7⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        6⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50364.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        7⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-666.exe
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        6⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28221.exe
        6⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23333.exe
        8⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        9⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
        8⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
        8⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
        7⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        7⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        7⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
        7⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
        7⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14715.exe
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        7⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        7⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
        6⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64299.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
        6⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9827.exe
        6⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        6⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45583.exe
        5⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30421.exe
        5⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13094.exe
        5⤵
        
        PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21671.exe
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62536.exe
        7⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
        7⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6590.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exe
        6⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        6⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe
        7⤵
        
        PID:232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31539.exe
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        6⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        5⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        6⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        5⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        5⤵
        
        PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
      4⤵
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32845.exe
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
        6⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        5⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        6⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe
        5⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
        5⤵
        
        PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21745.exe
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        5⤵
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11617.exe
        5⤵
        
        PID:10548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
      4⤵
      PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        5⤵
        
        PID:15672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42761.exe
      4⤵
      PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
      4⤵
      PID:16120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        8⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        9⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        10⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        10⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6249.exe
        10⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        9⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        9⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        9⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        8⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        8⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        8⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        8⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
        8⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
        8⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18606.exe
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        7⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54131.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12682.exe
        6⤵
        
        PID:11892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        6⤵
        
        PID:15460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        6⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34639.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12268.exe
        6⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
        8⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        8⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        8⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
        7⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        7⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        7⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35777.exe
        6⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45199.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54383.exe
        7⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30187.exe
        6⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        6⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58568.exe
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        6⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52673.exe
        5⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
        5⤵
        
        PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3524.exe
        6⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31833.exe
        7⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
        8⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
        9⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        9⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31539.exe
        8⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        8⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        8⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        7⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        7⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        7⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        7⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39595.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
        6⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        5⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64661.exe
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        7⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        6⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        6⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
        6⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        6⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        6⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47475.exe
        5⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
        5⤵
        
        PID:528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        7⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        7⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        7⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        6⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
        5⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27609.exe
        5⤵
        
        PID:15064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51064.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
        5⤵
        
        PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        5⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
        6⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        5⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        5⤵
        
        PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
      4⤵
      PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41905.exe
      4⤵
      PID:12736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
      4⤵
      PID:8920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32881.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57349.exe
        8⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15971.exe
        8⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        8⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
        8⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
        7⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
        7⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
        7⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9419.exe
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        7⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
        7⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        6⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
        7⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        6⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44100.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
        7⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        6⤵
        
        PID:13456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        5⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe
        5⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        5⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe
        5⤵
        
        PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6895.exe
        7⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        7⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        6⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19123.exe
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25061.exe
        6⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37669.exe
        7⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
        7⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3719.exe
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        6⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        6⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        5⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        6⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        6⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        5⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        5⤵
        
        PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
      4⤵
      PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12106.exe
      4⤵
      PID:11592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
      4⤵
      PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40141.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8060.exe
        7⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe
        7⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54592.exe
        6⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        5⤵
        
        PID:14128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
        5⤵
        
        PID:10064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
      4⤵
      PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        5⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        5⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        5⤵
        
        PID:15636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
        5⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
        5⤵
        
        PID:10700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60312.exe
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
      4⤵
      PID:12316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3963.exe
      4⤵
      PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
      4⤵
      PID:3924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58403.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        5⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        6⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
        6⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        5⤵
        
        PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22817.exe
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62899.exe
        5⤵
        
        PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1302.exe
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
      4⤵
      PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
      4⤵
      PID:6016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
    3⤵
    PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
      4⤵
      PID:7372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
      4⤵
      PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
      4⤵
      PID:4868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
    3⤵
    PID:7420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe
    3⤵
    PID:12044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
    3⤵
    PID:15488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
    3⤵
    PID:10416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
        9⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        9⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        8⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        8⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60675.exe
        7⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        8⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        7⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        7⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        7⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        7⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60259.exe
        6⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
        6⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59720.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        8⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        8⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        8⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        7⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        7⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
        7⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        6⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe
        6⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53265.exe
        6⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        7⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48920.exe
        6⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        5⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        6⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12682.exe
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        5⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        5⤵
        
        PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1182.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57992.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        6⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        6⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        6⤵
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
        6⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4838.exe
        5⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52673.exe
        5⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        5⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
        5⤵
        
        PID:11224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        6⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe
        6⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42065.exe
        7⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        6⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        6⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe
        5⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        5⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        5⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2382.exe
        5⤵
        
        PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        5⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        5⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        5⤵
        
        PID:9468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3015.exe
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
      4⤵
      PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
      4⤵
      PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
      4⤵
      PID:8764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
        6⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        8⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
        8⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38151.exe
        8⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        7⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe
        7⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
        8⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        7⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        7⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
        7⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        6⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
        6⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50284.exe
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35271.exe
        7⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        6⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        6⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56979.exe
        5⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        6⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        5⤵
        
        PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
        5⤵
        
        PID:10236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
        5⤵
        
        PID:5264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 212
        6⤵
        Program crash
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
        5⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        5⤵
        
        PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48707.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22269.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
        6⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23562.exe
        5⤵
        
        PID:11848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31658.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
        5⤵
        
        PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17386.exe
      4⤵
      PID:9472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
      4⤵
      PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
      4⤵
      PID:10604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
        7⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
        6⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        7⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
        6⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        6⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        6⤵
        
        PID:15580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6538.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        5⤵
        
        PID:14256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        5⤵
        
        PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
        5⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        5⤵
        
        PID:15732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22352.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
      4⤵
      PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
      4⤵
      PID:7540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
      4⤵
      PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        5⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        6⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        6⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        5⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
        5⤵
        
        PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9331.exe
      4⤵
      PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
      4⤵
      PID:984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
    3⤵
    PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
      4⤵
      PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        5⤵
        
        PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
      4⤵
      PID:668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
      4⤵
      PID:7052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
    3⤵
    PID:8236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13212.exe
    3⤵
    PID:11916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
    3⤵
    PID:15832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
    3⤵
    PID:15052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1898.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1898.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
        6⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        9⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
        9⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
        9⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7314.exe
        8⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        7⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
        7⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        6⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54375.exe
        6⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        5⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        6⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44713.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9775.exe
        7⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        7⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        7⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        6⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        6⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        5⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52740.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39549.exe
        5⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        5⤵
        
        PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        5⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
        8⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        8⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
        7⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60075.exe
        7⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31240.exe
        7⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exe
        6⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
        6⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        6⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54383.exe
        6⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54256.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        5⤵
        
        PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46403.exe
      4⤵
      PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60141.exe
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        6⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
        6⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        5⤵
        
        PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        5⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
        5⤵
        
        PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
      4⤵
      PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14211.exe
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
      4⤵
      PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8414.exe
        7⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8615.exe
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        6⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38967.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        6⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21710.exe
        6⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        5⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18682.exe
        5⤵
        
        PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54685.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
        6⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63636.exe
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        5⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        5⤵
        
        PID:9660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
      4⤵
      PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
      4⤵
      PID:11824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35777.exe
      4⤵
      PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60665.exe
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        5⤵
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16414.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        5⤵
        
        PID:11020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
      4⤵
      PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
      4⤵
      PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
      4⤵
      PID:10572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
    3⤵
    PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
      4⤵
      PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
      4⤵
      PID:13784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
    3⤵
    PID:8996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
    3⤵
    PID:12796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
    3⤵
    PID:8704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
        5⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28223.exe
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48555.exe
        7⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        7⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16414.exe
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        6⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        6⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        5⤵
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24883.exe
        5⤵
        
        PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13524.exe
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        6⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        7⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        7⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        6⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe
        6⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        5⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
        5⤵
        
        PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
        5⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe
        5⤵
        
        PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
      4⤵
      PID:9368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
      4⤵
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
      4⤵
      PID:5272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 176
        5⤵
        Program crash
        
        PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
        5⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe
        5⤵
        
        PID:14268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        5⤵
        
        PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
      4⤵
      PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
      4⤵
      PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
      4⤵
      PID:3828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
    3⤵
    PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
      4⤵
      PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63362.exe
        5⤵
        
        PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
      4⤵
      PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
      4⤵
      PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
      4⤵
      PID:9388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
    3⤵
    PID:8584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
    3⤵
    PID:11196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15548.exe
    3⤵
    PID:3596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        5⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58407.exe
        5⤵
        
        PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        5⤵
        
        PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
      4⤵
      PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
      4⤵
      PID:14884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7582.exe
      4⤵
      PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
    3⤵
    PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      4⤵
      PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
      4⤵
      PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
      4⤵
      PID:15436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53051.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
    3⤵
    PID:10108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
    3⤵
    PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23333.exe
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
        5⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        5⤵
        
        PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
      4⤵
      PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
      4⤵
      PID:13540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
      4⤵
      PID:8432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
    3⤵
    PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
      4⤵
      PID:16324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62376.exe
      4⤵
      PID:11236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
    3⤵
    PID:11440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
    3⤵
    PID:2220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
    3⤵
    PID:15568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
  2⤵
  PID:6284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
    3⤵
    PID:9296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
    3⤵
    PID:13776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
    3⤵
    PID:7156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
  2⤵
  PID:7380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
    3⤵
    PID:6480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
  2⤵
  PID:12588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
  2⤵
  PID:15696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5264 -ip 5264
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5272 -ip 5272
1⤵
PID:2228

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe

Filesize
468KB

MD5
6eaa186f760ef1efb7ca2b699bc42abf

SHA1
2c67f7fb97b2f01b6301ea0b220c3b8d6b6d17b9

SHA256
d006f70ea5a2dde6b7060e432b973c10a1138975828700f2e4315ab97a7ae177

SHA512
b4914216ebf18e64412e52203c4719bc52e6645ad7b0abbf6be58b31ab09c029b7f75854018d349428ff0fc6c112928bacedbd10cfc0de2f940c829a0aaf516c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1182.exe

Filesize
468KB

MD5
ff2b3d07dd64b7133fc9acbb129369eb

SHA1
a454996eb734f18d27f830bca6b96d0d61929f87

SHA256
f3887f39e18e1fdce762c32282be1e4f16ab8c625a0fb150b7b222d6ddc4de0c

SHA512
99d55f2d17cdaff659294d7fcc4482ac079c1a23081ab8396e75a9a1369e84f8c3ffacec5e2e517e69238462d3db992df56522158984801479919dacd6b4686c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe

Filesize
468KB

MD5
29d858b862c4c09ad097f503d62d1da0

SHA1
3e1c7cfb03c2e7dd09961d35b0a7655e279ad4a6

SHA256
67d7224c762ede34ade92415cbb3ac1dd6fb0524d1cf7d1dbda0d16f2cd0f1bc

SHA512
2a0b5629a28dadf39955a72db049f33672cf6d5950c37419e3b751d7ac469b4a9d177fad1a50c12751155f55edcb58aa3a97987f6c07c0759ab070ab12da0d7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe

Filesize
468KB

MD5
2bd7e509196d3258fa2b01eb21ff1d2f

SHA1
d8e8d610537562ab083052132167fef58f9802f7

SHA256
a766ae9b3d527ae171daaa26f8564a61769ac4093b8dcdc339c9a85569f0f07c

SHA512
13dd8aa1a3612798d0124b89613e641d15e9af41da927651006ef60d8a565989236e259ca1db8f62e4315a24aa2b176537016daef1d1866ff2493f3fd5c6635a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe

Filesize
468KB

MD5
7ba4c9cea95a5e0f7f8548c1abb04c3b

SHA1
980ae8067861f63e386e802b9af6237704a5cb3e

SHA256
edf6c5a798d45eabaab74950dd7983ae58081d8a20b560039cc5fff2e60c02a9

SHA512
fc394b327e239ff38f2bd2e92c12b7ad0ce0e899fcb4bb129c0c51d350fe0cc5f6497b0a943a7c764351b805ee4f21ee728a89615ca9625f7c9b8ef14306d744

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe

Filesize
468KB

MD5
2b3793b7d7f4dbf4a3bcafd9483da969

SHA1
08de5cb01201b02257fed077989c713d1c7cc44d

SHA256
2ed8cb678cf5e0b5ba3a87aba0f5da97954b4af31a3b3d7d4b3ca4a44703ac4c

SHA512
888c15aa52a455e7026f2cb33074aaffade6314dfc48e96a8a221d34e384b451b039a512f0b3444ac3f5fb7d2a491e5a88a378c80f9cdcb06c47ce0c3fd1a28b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe

Filesize
468KB

MD5
7a1f9798adf630946c93d1292fe1034f

SHA1
bde81bb012a010cecd748677ed258dbcb83daaf0

SHA256
793118c28fb603984892c66cbc482069fbbb23fd290c0d45e35d7a5a7befa7cb

SHA512
95ebad02fc130f22c6d0546a9381442a9fef3c46cfe95e82b35bb7a9455d515881902e5560689313c2c580aa68a037ce5581413fb29a63b66b5ce386ff949709

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1898.exe

Filesize
468KB

MD5
e0a89e0384b922cd74622027a5f48fcd

SHA1
5d1199ab194103533bb6a95d3ee54e220ae01dba

SHA256
004eae1cb6837e1af58d7eed5927df81539d0298f9d4ce311d511d6f84199f6d

SHA512
40b4e0898920b53c91ada224df4fd2d479b839cb52e0e9d1fea99b4fc8647cb467972fc9417a3c26b4cfcd237fd01f4acb30c78687b8e469dd40a502fd9939e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe

Filesize
468KB

MD5
2c50978edb7f8ac2fa82477446f9acca

SHA1
9ed8c36bb592b8c52fc50baad177e5c51274a3f5

SHA256
7d710b2a072914f7eee63cac27e50763f10b2b1d395a3bf5c18a2c11b6dd47a8

SHA512
c7cee331c774971565ac7b9ee23679e4b791bda2c3e3d47f1ac44d08cfc7d16eed75d3bcf151563b2811a1c87cd00763ddc926f7f87d385d98234f5d53849baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe

Filesize
468KB

MD5
829f95d793c1640d355c02aa894b4849

SHA1
8cd02b7030da8576e63a62aef98dcf729c68e472

SHA256
f5143b49645ba281b9b25ceeff13a9eb08fb3e1909e5d70c1fb42d82f62d72ea

SHA512
3d75e559407eded74c6edbc1ba4a53db37614392c5e890078c441375960d2d403ef90179980060d5230a395ea1495541d72727297e96a58841a5e5afdef5fe48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe

Filesize
468KB

MD5
5786f306af0407eaeac273ab04f95854

SHA1
891a2c10771cc64168aa1b05718c2a5e8db9018a

SHA256
0423f45c4a9432fe4ac8d2aeaeeb229ad0f7edb3baaa3bea89343b972b271c20

SHA512
b422de5f595ae0ff4f9032de9638816db4161feb577fb60ad6ab2604a6d0a08f1ae84a9a8ed6143983d4fee5ff3eafa459a668be056b1c25a54dcd4486edb34f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe

Filesize
468KB

MD5
ef6d28cd7cca0b2f9b541851e87d7a45

SHA1
f9a1cb587cac043d18c58b8ee50d77b58296aa74

SHA256
03f88342638a8712f3aade301b240a9726093a4fa7d4d9bb919e210829d25ff5

SHA512
58c777ca75a3f4791f027449424a0ff081db91a9f5c57c6a2ef032df296f5f92fa3d9962bcbb941ad5bf6c89a313300d7edc942c22f4395012c142e041cdce7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe

Filesize
468KB

MD5
c7a700dd85791734239ba7aeed57c1ca

SHA1
27f891be2041e2d4f19f5f569fcd93a0eb386d70

SHA256
3fa6319096f3a2b3afd1c65459066eb275b2306f94be01644eb5ce4b7619e49e

SHA512
99da7af4ad73bbc1793f859e180f1bedb6a63eb10a97e9bdd741afd1697d138e96439c6a55e4a65f2571901dcdcf81e719199d3a89214746f3def986527e1a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe

Filesize
468KB

MD5
2cd9cdc7b0cb1d6c7aad91b928e95518

SHA1
2f538096f1a8108ab771185df7ed96829ad0d355

SHA256
10fb1a6fb225b9ceadaf5271bd9f0021d44c55b26307d714cb0b6cf68a274fff

SHA512
96d36e7e600d461420071e2f8d8b73fa076c1777b0efff0930ffaa8f5064c04f8547e71508c372f87787278c43683f9101ef4cfa467784356a257fa1c033a719

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe

Filesize
468KB

MD5
d27550399c231983da609745fa7e458e

SHA1
2ff3df49d849d24c2c3a0abdf7d311ad7386fcbd

SHA256
4464326989b4b116d147d6bf234760b15cca6599c39e256d994d764ebab8ffbf

SHA512
81e2432c2e9807e985c2236701323d097cb0fc42b360728dab2ebcd1a1d2b476a4be42e75f4e64e28958c79c0e1cd36e5444634edc09bd48b21d7face0d3a5db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe

Filesize
468KB

MD5
ba56b5c4908dca346a7a2c842e0b9c31

SHA1
7a97537ef36bd7293068416ca0a89358f80da1d1

SHA256
3adf88329f31e5c0e69819da81c4f57399a205b591361835d0b4659ae4f8ed83

SHA512
7fc4a312c011055db0b6e0bf1a0b8d50ab9f3e80078730fdb35069a1fd396b825f5a4d99629fae1261c10e2d5badd06e3fc772f4104f238dce5df92cda76a3b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe

Filesize
468KB

MD5
39a3e4ba451afea01ef61d7b67daf9d1

SHA1
644b8ff1d0a7a3116ff94198e5906c8e07a8b0e3

SHA256
f54fb36253df48f88972de05470bd1ca6212d7683b07acbb83e7248b7487f1ca

SHA512
d3c5af6c01fe7b673181874e49210e604fe6bf0d7eb8300e22b978a6896e6ae9a3215d87cafe56304a7dbff6e1444a01c6a86270388f63378a3b035f0f16527b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe

Filesize
468KB

MD5
8f49f912702c4230af6c9d5937202e11

SHA1
289fbeb11d1588184dcb9098f0015eb35221b095

SHA256
69f5e77208049a203ddf68e922e19db19e81b90ffdc141aefa3de53cdf9a6c97

SHA512
9c5c80e51d4c1b9b78fcf21b86ff7326a9c10f8a3ca8cc8d40a15cb43bed54d62f1607d0f4bada3b0384e23011806a354dea79650517d4a2b19e3756b7ae731d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe

Filesize
468KB

MD5
555e867b743d8e3b230e3992fff72f1c

SHA1
12de53e550c91872c5193e1794c15363b2a0c8c3

SHA256
6e4c87f47b444f50428a42dbac13024b18dd74995db6175ff7321e6fe7ff584c

SHA512
52acb60e13642a1329579fbaa7a8f6b22cb0932bd1ac213fadb72c3aad7f15068495e0666b814444d41eec7c77f7f17323384c1f5e7c464c4ec0ea2532ebc4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe

Filesize
468KB

MD5
98a0fb86c24cc080f8742bc84bf8597b

SHA1
7e7878ceb5873f9885843d2382a800d6f62802cd

SHA256
e7a06897fc51ef4e27c54637e4340d850fdd0aa7598b585462b64d5878ad1b6f

SHA512
2ac5acdbc75095d71c2d9ba314fea4d79439473ed95a9c2a170d1a3c3ea74192b1ae48c8f2abc476d09d0acbeec58132181406499b5c90e86e20d1bd9815f273

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe

Filesize
468KB

MD5
96b0e2a16762c161faa616a65a0cc05f

SHA1
9f82bb5aea9daf944e87771a1f4c3ef03a05b1f0

SHA256
c774002a7d5504cc6b4dd6d013a81d314a4d98a0f97c55f70efe822fb05debdd

SHA512
7381808b39199d83f64058bcad7f9af90b3e20105034ffc69376ed77e8dae31f447d5e2991e3ef7cc0a0088f8db64b557e9b5ef59572b00c773e05e3ae04b0d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe

Filesize
468KB

MD5
5e3134d4990765c36d7497462fb61c08

SHA1
aa133a5795e55f8819e2f7761c894e61cb6a9974

SHA256
f09dfaf8cd055b0a97e195bda781ce3ce36dafbc19a316a95c56d38280406c97

SHA512
e070ef8e29a7b3c655bbaa78f833602826cea023166638326e6fbb3006d011ddd135df613c458123299c7655c09a0dcd5400b0e3a46783239c01097dfef240bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe

Filesize
468KB

MD5
6ceac70c62f3cb101cf315789e37cd10

SHA1
88878bdcf4e7877c0e2ac54fd34c255eec7d3ca7

SHA256
28118da0df444348c7d7f5579bba4c56e5263ff2ff197d132b48ef89c842ea58

SHA512
68e688344ade4f531e76a4778a01caadccff7399660a9688846e5b0a952fbe644a782f6826da35fc37902375a788d13e9d7e0e398b0028070d915ce57fc6a1e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe

Filesize
468KB

MD5
610b19176c4d3dee4bdd0864c3b532ea

SHA1
fa7a9f0ddeb477f5b0276170aeb98ac386afa587

SHA256
44a6b819181e56da9d4edc76362cecfe0922223b68cc483d5f345be8489bf1a7

SHA512
892f4664513668efea74d1b9151c242c13d43fa0634aea4da1e1ca89e655abd45c50f125a02d3c9bf27a5a5eceb745050f45683af7d4bb62813188372176fc29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe

Filesize
468KB

MD5
d7f48f50cd9398746186dd11b8125be8

SHA1
0dcfbb865cfc33f147f88ebd27dc9afa2d55b688

SHA256
b2d137af3ce0b3a25bb3866e8dd300cff7619d54587bdbd0059e463034ecb346

SHA512
d66c2da67b204cf3d08c31a04e028f5e4f8d9066cfc6359825371625bd013cf39b22a2abb33283452ed2702f8e77eba518ce5cb921f5d945cf18ab3a9e64575a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe

Filesize
468KB

MD5
b9036209ad8ad49bce8fb9b792905167

SHA1
a09dfd1d71cfb2a1b0823a5cafc675c1245c1d70

SHA256
e28aca30bfab0633e8896348a60fbf7727d0e2ad9a0c9fc12cf50b5e9ef38d7e

SHA512
81c4f8c62de5652900a30fe27ded08992ba6197b1955132f19e80c17f0d7e6d296568da8206dad817ef84f7275507f1052c1e0f93b821dc30e4917d05e535bb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe

Filesize
468KB

MD5
5dbb7adef1e7958d605b3cd49101a019

SHA1
98d67e7702e5d41cfde7d8001c3629a33fbd52ef

SHA256
19870e71075b353a075e56e03593787e2fc0b9ff56a470ac662d185e3b12b8ec

SHA512
5c4e33df48e734d1f5e2e871398ea2ae9e52908c9478b5747f09caf7af7656f2a3f9639a6de56390707bb74d811e9a75a48b3f6eee1207446d615cbe9b2ac2fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe

Filesize
468KB

MD5
ad3a2164307782a7c1d5fae5e241d645

SHA1
71438a5a9c62b378d5ea016a5273bfd2a7355a44

SHA256
662b8923223038d1799945ad39bec7db38b89cb61bd3bfe6014311b5fac63afc

SHA512
a33d81342e0e9bb969c66fe5eff58b10d6ed8a0ba8ec65f7954798a1897c2d32c9c7358f8733dc5ec161ea596e0f6ba57418789ba5a4fdb3b863f70d3f6ab0e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe

Filesize
468KB

MD5
5032b472ec632ca381835d15315774d7

SHA1
54c001e0237a2240476ac3eb6bf438bd9f7867e6

SHA256
71aedb0392c76783a99a3fa18abd8620d1ff0db84a22b8fba710b7585ccd3e43

SHA512
2ebc47681648b16431d85c1cb09d6cc3153f58cb2142e4122a2ec2308d995381b51f159907218f792e8f0e1db5b21f52514c6d03f29749a1db9581fbebe8f665

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe

Filesize
468KB

MD5
8f708c19844973115fb279dcf62aba87

SHA1
350a93c23c7a8dfdb27f05e62121071fed3de222

SHA256
863ea77f4244933f18dd11a04c3fb950b2bd4d1fa117ed5dbcfb1e0f777e5fcd

SHA512
62437f16f5dc5d18ef12939a5437b2aa3b3b2b103aacee7ef7f2d69b7e7da07601988f72ccde2a41963054ec0ba3f520caeb2e36907ce6e7b311f0624d08cb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe

Filesize
468KB

MD5
ca2557cfe0d8649e0e126277fc504146

SHA1
8daed610aa51dce56e803694ab7eec2c882e3238

SHA256
ad834de80ac09226e3bbe96d95c8840f0522719df27280bc61b1ec588254fcde

SHA512
24984687c9890405d1c2ccf384f2f3f3122d3ff80916611fb6f1f6243593c9ddd8836a204204af745fcf7c9e330832fd180c1428d2d39bce7441c0ac11e2003b

Download Submit
memory/544-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/552-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/640-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/748-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/768-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/800-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1188-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1332-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1432-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1460-122-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1620-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1656-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1660-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1684-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1752-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1812-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1996-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2016-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2076-2548-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2368-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2404-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2432-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-454-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2496-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2520-53-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2532-64-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2592-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2624-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2628-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2704-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2760-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-108-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2984-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3084-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3140-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3148-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3268-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3300-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3432-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3500-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3548-165-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3576-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3632-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3740-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3808-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3852-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3888-75-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3944-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4028-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4040-101-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4056-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4180-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4276-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4344-185-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4348-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4376-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4404-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4476-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4480-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4484-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4528-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4548-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4564-270-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4620-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4684-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4796-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4844-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4852-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4884-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4892-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4912-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4936-207-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4960-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4988-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5024-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5164-470-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5264-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5288-468-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5392-492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5404-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5412-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5440-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5448-505-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5488-506-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5500-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5516-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5528-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5632-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5648-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5748-547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5800-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5812-551-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15488-2543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads