eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4

Analysis

max time kernel
113s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe
Size

468KB
MD5

0fc764eda8eac8a77f880cf2dc81e850
SHA1

95c6f0fe2cb3d880c938ef54041c9ddae3b78642
SHA256

eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4
SHA512

1fd07b5d99c158702fd281ea56fa930649b4ec686d96e45f3c25c1333eaeabbaffb9ff7ea90f83b01f6fc79fbe63cee803bd5ae8d26b660cac8ac384807c9010
SSDEEP

3072:/b6nogtd6O5ytbYEPYzhff8gg4bh+3pCnmHeVVV6D8kVVUNuIUlO:/bKov6ytHP+hffmZoQD80ONuI

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2200	Unicorn-33295.exe
324	Unicorn-2350.exe
1680	Unicorn-6989.exe
2068	Unicorn-58095.exe
2220	Unicorn-10932.exe
536	Unicorn-17063.exe
208	Unicorn-17617.exe
2356	Unicorn-20519.exe
1516	Unicorn-12085.exe
1500	Unicorn-28687.exe
876	Unicorn-42593.exe
2724	Unicorn-48723.exe
4260	Unicorn-44639.exe
4764	Unicorn-49278.exe
2424	Unicorn-45194.exe
920	Unicorn-64395.exe
4208	Unicorn-48614.exe
3912	Unicorn-32469.exe
4376	Unicorn-3134.exe
3068	Unicorn-3134.exe
2268	Unicorn-23555.exe
3380	Unicorn-31893.exe
2332	Unicorn-45629.exe
2680	Unicorn-14545.exe
2024	Unicorn-51759.exe
4644	Unicorn-51759.exe
3172	Unicorn-56398.exe
3168	Unicorn-42829.exe
1616	Unicorn-50555.exe
4384	Unicorn-22521.exe
4420	Unicorn-54639.exe
4608	Unicorn-7476.exe
3596	Unicorn-53798.exe
1212	Unicorn-34197.exe
4028	Unicorn-30519.exe
4640	Unicorn-39071.exe
2456	Unicorn-55962.exe
3992	Unicorn-55962.exe
4724	Unicorn-5630.exe
4492	Unicorn-57061.exe
3220	Unicorn-9906.exe
2196	Unicorn-26433.exe
3048	Unicorn-64151.exe
2472	Unicorn-19035.exe
4596	Unicorn-10866.exe
4324	Unicorn-11421.exe
1992	Unicorn-18272.exe
4528	Unicorn-52091.exe
4964	Unicorn-39574.exe
4848	Unicorn-39839.exe
3452	Unicorn-44478.exe
4456	Unicorn-58213.exe
4480	Unicorn-50045.exe
3692	Unicorn-39839.exe
4816	Unicorn-39839.exe
1436	Unicorn-56730.exe
2796	Unicorn-65472.exe
4448	Unicorn-62327.exe
4308	Unicorn-13531.exe
1896	Unicorn-58456.exe
2252	Unicorn-54107.exe
708	Unicorn-9255.exe
3440	Unicorn-1087.exe
952	Unicorn-62540.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4500	2420	WerFault.exe	154
17468	15952	WerFault.exe	817
17612	15400	WerFault.exe	794

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8278.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18332	dwm.exe
Token: SeChangeNotifyPrivilege	18332	dwm.exe
Token: 33	18332	dwm.exe
Token: SeIncBasePriorityPrivilege	18332	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe
2200	Unicorn-33295.exe
1680	Unicorn-6989.exe
324	Unicorn-2350.exe
2220	Unicorn-10932.exe
2068	Unicorn-58095.exe
208	Unicorn-17617.exe
536	Unicorn-17063.exe
2356	Unicorn-20519.exe
1516	Unicorn-12085.exe
4764	Unicorn-49278.exe
4260	Unicorn-44639.exe
876	Unicorn-42593.exe
2424	Unicorn-45194.exe
2724	Unicorn-48723.exe
1500	Unicorn-28687.exe
920	Unicorn-64395.exe
4208	Unicorn-48614.exe
3912	Unicorn-32469.exe
4376	Unicorn-3134.exe
3068	Unicorn-3134.exe
3380	Unicorn-31893.exe
2680	Unicorn-14545.exe
4644	Unicorn-51759.exe
2268	Unicorn-23555.exe
3172	Unicorn-56398.exe
2332	Unicorn-45629.exe
3168	Unicorn-42829.exe
2024	Unicorn-51759.exe
1616	Unicorn-50555.exe
4384	Unicorn-22521.exe
4420	Unicorn-54639.exe
4608	Unicorn-7476.exe
1212	Unicorn-34197.exe
3596	Unicorn-53798.exe
4028	Unicorn-30519.exe
4640	Unicorn-39071.exe
3992	Unicorn-55962.exe
2456	Unicorn-55962.exe
4724	Unicorn-5630.exe
4492	Unicorn-57061.exe
3220	Unicorn-9906.exe
2196	Unicorn-26433.exe
3048	Unicorn-64151.exe
4324	Unicorn-11421.exe
2472	Unicorn-19035.exe
4596	Unicorn-10866.exe
4528	Unicorn-52091.exe
1992	Unicorn-18272.exe
4456	Unicorn-58213.exe
4848	Unicorn-39839.exe
4964	Unicorn-39574.exe
4816	Unicorn-39839.exe
3692	Unicorn-39839.exe
4480	Unicorn-50045.exe
1436	Unicorn-56730.exe
3452	Unicorn-44478.exe
2796	Unicorn-65472.exe
4448	Unicorn-62327.exe
4308	Unicorn-13531.exe
1896	Unicorn-58456.exe
2252	Unicorn-54107.exe
4876	Unicorn-23929.exe
708	Unicorn-9255.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 2200	1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe	82
PID 1192 wrote to memory of 2200	1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe	82
PID 1192 wrote to memory of 2200	1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe	82
PID 2200 wrote to memory of 324	2200	Unicorn-33295.exe	87
PID 2200 wrote to memory of 324	2200	Unicorn-33295.exe	87
PID 2200 wrote to memory of 324	2200	Unicorn-33295.exe	87
PID 1192 wrote to memory of 1680	1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe	88
PID 1192 wrote to memory of 1680	1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe	88
PID 1192 wrote to memory of 1680	1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe	88
PID 1680 wrote to memory of 2068	1680	Unicorn-6989.exe	90
PID 1680 wrote to memory of 2068	1680	Unicorn-6989.exe	90
PID 1680 wrote to memory of 2068	1680	Unicorn-6989.exe	90
PID 1192 wrote to memory of 2220	1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe	91
PID 1192 wrote to memory of 2220	1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe	91
PID 1192 wrote to memory of 2220	1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe	91
PID 324 wrote to memory of 536	324	Unicorn-2350.exe	92
PID 324 wrote to memory of 536	324	Unicorn-2350.exe	92
PID 324 wrote to memory of 536	324	Unicorn-2350.exe	92
PID 2200 wrote to memory of 208	2200	Unicorn-33295.exe	93
PID 2200 wrote to memory of 208	2200	Unicorn-33295.exe	93
PID 2200 wrote to memory of 208	2200	Unicorn-33295.exe	93
PID 2220 wrote to memory of 2356	2220	Unicorn-10932.exe	96
PID 2220 wrote to memory of 2356	2220	Unicorn-10932.exe	96
PID 2220 wrote to memory of 2356	2220	Unicorn-10932.exe	96
PID 1192 wrote to memory of 1516	1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe	97
PID 1192 wrote to memory of 1516	1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe	97
PID 1192 wrote to memory of 1516	1192	eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe	97
PID 208 wrote to memory of 1500	208	Unicorn-17617.exe	98
PID 208 wrote to memory of 1500	208	Unicorn-17617.exe	98
PID 208 wrote to memory of 1500	208	Unicorn-17617.exe	98
PID 2200 wrote to memory of 876	2200	Unicorn-33295.exe	99
PID 2068 wrote to memory of 2724	2068	Unicorn-58095.exe	100
PID 2068 wrote to memory of 2724	2068	Unicorn-58095.exe	100
PID 2068 wrote to memory of 2724	2068	Unicorn-58095.exe	100
PID 2200 wrote to memory of 876	2200	Unicorn-33295.exe	99
PID 2200 wrote to memory of 876	2200	Unicorn-33295.exe	99
PID 536 wrote to memory of 4260	536	Unicorn-17063.exe	101
PID 536 wrote to memory of 4260	536	Unicorn-17063.exe	101
PID 536 wrote to memory of 4260	536	Unicorn-17063.exe	101
PID 324 wrote to memory of 4764	324	Unicorn-2350.exe	102
PID 324 wrote to memory of 4764	324	Unicorn-2350.exe	102
PID 324 wrote to memory of 4764	324	Unicorn-2350.exe	102
PID 1680 wrote to memory of 2424	1680	Unicorn-6989.exe	103
PID 1680 wrote to memory of 2424	1680	Unicorn-6989.exe	103
PID 1680 wrote to memory of 2424	1680	Unicorn-6989.exe	103
PID 2356 wrote to memory of 920	2356	Unicorn-20519.exe	104
PID 2356 wrote to memory of 920	2356	Unicorn-20519.exe	104
PID 2356 wrote to memory of 920	2356	Unicorn-20519.exe	104
PID 2220 wrote to memory of 4208	2220	Unicorn-10932.exe	105
PID 2220 wrote to memory of 4208	2220	Unicorn-10932.exe	105
PID 2220 wrote to memory of 4208	2220	Unicorn-10932.exe	105
PID 208 wrote to memory of 3912	208	Unicorn-17617.exe	106
PID 208 wrote to memory of 3912	208	Unicorn-17617.exe	106
PID 208 wrote to memory of 3912	208	Unicorn-17617.exe	106
PID 1516 wrote to memory of 4376	1516	Unicorn-12085.exe	107
PID 1516 wrote to memory of 4376	1516	Unicorn-12085.exe	107
PID 1516 wrote to memory of 4376	1516	Unicorn-12085.exe	107
PID 4764 wrote to memory of 3068	4764	Unicorn-49278.exe	108
PID 4764 wrote to memory of 3068	4764	Unicorn-49278.exe	108
PID 4764 wrote to memory of 3068	4764	Unicorn-49278.exe	108
PID 2724 wrote to memory of 2268	2724	Unicorn-48723.exe	109
PID 2724 wrote to memory of 2268	2724	Unicorn-48723.exe	109
PID 2724 wrote to memory of 2268	2724	Unicorn-48723.exe	109
PID 1680 wrote to memory of 2332	1680	Unicorn-6989.exe	110

C:\Users\Admin\AppData\Local\Temp\eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe
"C:\Users\Admin\AppData\Local\Temp\eb23b2405fe30ba1ac1d7f28cf678621f8c9c033fbe954b1a50230b53d2ca8a4N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        9⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        10⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        10⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        10⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        9⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        9⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
        8⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
        9⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        9⤵
        
        PID:16660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47639.exe
        9⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
        8⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        8⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3946.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        8⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        9⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        9⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        9⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44750.exe
        8⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        8⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
        8⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8605.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        8⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe
        8⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        7⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41949.exe
        7⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2025.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39500.exe
        8⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        8⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
        7⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        7⤵
        
        PID:17344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        8⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        8⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1341.exe
        8⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        7⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        7⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
        7⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59564.exe
        6⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        6⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10961.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        8⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        8⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        8⤵
        
        PID:17384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        7⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        7⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25518.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        8⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        7⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        7⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
        6⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
        6⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
        6⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
        8⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        8⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43386.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58539.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        7⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        7⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
        7⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        7⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        7⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
        6⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        6⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        7⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        7⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        7⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
        6⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        6⤵
        
        PID:16556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
        5⤵
        
        PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe
        8⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        9⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        9⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6518.exe
        9⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        8⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        8⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
        8⤵
        
        PID:17564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35518.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
        8⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42638.exe
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        7⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
        7⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        6⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        8⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        9⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        8⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27139.exe
        8⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        7⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        7⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
        7⤵
        
        PID:17416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        7⤵
        
        PID:18224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47334.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        7⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        7⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        6⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
        6⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        8⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        9⤵
        
        PID:17892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        8⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19570.exe
        8⤵
        
        PID:17540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        7⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        7⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        7⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61758.exe
        6⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        5⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        7⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3541.exe
        7⤵
        
        PID:16876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
        6⤵
        
        PID:17060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
        6⤵
        
        PID:12456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        6⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13946.exe
        5⤵
        
        PID:13832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        5⤵
        
        PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46147.exe
        7⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        8⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        7⤵
        
        PID:15616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        6⤵
        
        PID:14560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
        6⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7491.exe
        7⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26894.exe
        7⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        7⤵
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45906.exe
        6⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        5⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
        5⤵
        
        PID:16300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
      4⤵
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8243.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48944.exe
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        6⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        5⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
        5⤵
        
        PID:11284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
        5⤵
        
        PID:15428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
        6⤵
        
        PID:16408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        5⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39494.exe
        5⤵
        
        PID:468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
      4⤵
      PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
      4⤵
      PID:10880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16922.exe
      4⤵
      PID:14268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17617.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
        6⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63064.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        8⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        9⤵
        
        PID:17908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        8⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        8⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
        7⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        7⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        7⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
        7⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44663.exe
        6⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        6⤵
        
        PID:17068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        6⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
        5⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
        7⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        7⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        7⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
        5⤵
        
        PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
        5⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63064.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        8⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        8⤵
        
        PID:17472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15830.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
        7⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
        7⤵
        
        PID:18180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        6⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        5⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
        5⤵
        
        PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62851.exe
      4⤵
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
        5⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        6⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        5⤵
        
        PID:15772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        5⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        5⤵
        
        PID:17500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
      4⤵
      PID:9268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
      4⤵
      PID:13808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41577.exe
      4⤵
      PID:16988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
        6⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42364.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
        8⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        8⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
        7⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29879.exe
        7⤵
        
        PID:16500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        6⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3755.exe
        7⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
        7⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16737.exe
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        6⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
        6⤵
        
        PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21434.exe
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        7⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        6⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        6⤵
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        5⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        5⤵
        
        PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
        5⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        6⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        7⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37227.exe
        6⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
        6⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        5⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        6⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
        5⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
        5⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
        5⤵
        
        PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        5⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
        5⤵
        
        PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        5⤵
        
        PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
      4⤵
      PID:9612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe
      4⤵
      PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
      4⤵
      PID:17432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        5⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52696.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        7⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48134.exe
        7⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        6⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
        5⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7891.exe
        6⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        6⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        5⤵
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        6⤵
        
        PID:16364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48834.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        5⤵
        
        PID:14716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
        5⤵
        
        PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        5⤵
        
        PID:15200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
      4⤵
      PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
      4⤵
      PID:14008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
      4⤵
      PID:4396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13490.exe
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        6⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        5⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
        5⤵
        
        PID:440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        5⤵
        
        PID:17336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
      4⤵
      PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
      4⤵
      PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
      4⤵
      PID:8148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
    3⤵
    PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        5⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        5⤵
        
        PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
      4⤵
      PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
      4⤵
      PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
      4⤵
      PID:1532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
    3⤵
    PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe
      4⤵
      PID:12728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52463.exe
      4⤵
      PID:16432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
    3⤵
    PID:9588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
    3⤵
    PID:14180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4478.exe
    3⤵
    PID:17528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        9⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        9⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        9⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        8⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        8⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
        8⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        8⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        7⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
        7⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26914.exe
        6⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3475.exe
        9⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
        8⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        8⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-978.exe
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        7⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
        7⤵
        
        PID:16872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15952 -s 436
        8⤵
        Program crash
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56034.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62623.exe
        6⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
        8⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        8⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61870.exe
        7⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        7⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
        7⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39602.exe
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        7⤵
        
        PID:18420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15009.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35170.exe
        5⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        6⤵
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        6⤵
        
        PID:16752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        5⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        5⤵
        
        PID:17568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
        6⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50724.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        8⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        8⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        7⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        7⤵
        
        PID:16860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        7⤵
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        6⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
        7⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59210.exe
        6⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        6⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        5⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
        5⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        7⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        6⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55851.exe
        6⤵
        
        PID:18196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
        5⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6770.exe
        6⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30963.exe
        5⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
        5⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
        5⤵
        
        PID:16880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
        6⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        5⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        5⤵
        
        PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54622.exe
      4⤵
      PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
      4⤵
      PID:9672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
      4⤵
      PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35443.exe
      4⤵
      PID:9108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        5⤵
        Executes dropped EXE
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        8⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        8⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15062.exe
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        8⤵
        
        PID:17140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
        7⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe
        7⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        7⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
        7⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        6⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        6⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        6⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60214.exe
        5⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        5⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        5⤵
        
        PID:13460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        6⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        7⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17226.exe
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59531.exe
        6⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        6⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        5⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        5⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        5⤵
        
        PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        6⤵
        
        PID:432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        5⤵
        
        PID:15400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15400 -s 436
        6⤵
        Program crash
        
        PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14653.exe
      4⤵
      PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
      4⤵
      PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34572.exe
      4⤵
      PID:16300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        5⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10999.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        7⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        7⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        6⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        6⤵
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        5⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        5⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        5⤵
        
        PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61248.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        7⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        6⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        5⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        5⤵
        
        PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6723.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        5⤵
        
        PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
      4⤵
      PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
      4⤵
      PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
      4⤵
      PID:16928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
      4⤵
      PID:5060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39574.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
      4⤵
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        6⤵
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        5⤵
        
        PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
      4⤵
      PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
      4⤵
      PID:11972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
      4⤵
      PID:15668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
    3⤵
    PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
      4⤵
      PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
        5⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
        5⤵
        
        PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23858.exe
      4⤵
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
      4⤵
      PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
    3⤵
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
      4⤵
      PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
      4⤵
      PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
      4⤵
      PID:5196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
    3⤵
    PID:9624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59257.exe
    3⤵
    PID:14272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
    3⤵
    PID:8288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24196.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        8⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        9⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        9⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        9⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        8⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
        8⤵
        
        PID:17112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        7⤵
        
        PID:15928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        7⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
        8⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
        8⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        7⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
        7⤵
        
        PID:17084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51664.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        7⤵
        
        PID:16972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5345.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
        6⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35468.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        8⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        8⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        8⤵
        
        PID:17548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        7⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        7⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        7⤵
        
        PID:17764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        6⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
        6⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39254.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46147.exe
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
        7⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
        6⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
        5⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        5⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2562.exe
        5⤵
        
        PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        5⤵
        Executes dropped EXE
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        7⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        8⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        8⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
        7⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        7⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        6⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        6⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        5⤵
        
        PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
      4⤵
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        5⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        7⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1274.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        6⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        5⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        5⤵
        
        PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23075.exe
      4⤵
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        5⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        5⤵
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54098.exe
      4⤵
      PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
      4⤵
      PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
      4⤵
      PID:16308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54639.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12627.exe
        8⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        7⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        7⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        6⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        6⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        7⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        6⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
        6⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        5⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13429.exe
        5⤵
        
        PID:14764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
      4⤵
      PID:2420
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 720
        5⤵
        Program crash
        
        PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        5⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
      4⤵
      PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
      4⤵
      PID:12508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
      4⤵
      PID:16916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13531.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46147.exe
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        7⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        7⤵
        
        PID:17516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        5⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
        6⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        6⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        5⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23157.exe
        5⤵
        
        PID:18388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
        5⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
      4⤵
      PID:11408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
      4⤵
      PID:15380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54107.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44750.exe
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
      4⤵
      PID:11736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
      4⤵
      PID:15984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
      4⤵
      PID:5996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
        5⤵
        
        PID:16848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
      4⤵
      PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
      4⤵
      PID:15156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
    3⤵
    PID:5680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
    3⤵
    PID:12104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
    3⤵
    PID:412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
    3⤵
    PID:6152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        6⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        7⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36582.exe
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48399.exe
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20255.exe
        6⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        5⤵
        
        PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
      4⤵
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        6⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
        6⤵
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
        5⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        5⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        5⤵
        
        PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52463.exe
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9661.exe
      4⤵
      PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7890.exe
      4⤵
      PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
      4⤵
      PID:17200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
      4⤵
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
        6⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        6⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
        6⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        5⤵
        
        PID:15684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29514.exe
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        5⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
      4⤵
      PID:9316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
      4⤵
      PID:14624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
    3⤵
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
      4⤵
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        5⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        6⤵
        
        PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        5⤵
        
        PID:16328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
        5⤵
        
        PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
      4⤵
      PID:12112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
      4⤵
      PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46422.exe
      4⤵
      PID:6956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
    3⤵
    PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
      4⤵
      PID:10508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
      4⤵
      PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
      4⤵
      PID:16448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49630.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
    3⤵
    PID:12516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
    3⤵
    PID:17036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42829.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42829.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47164.exe
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        6⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        7⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        6⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7802.exe
        5⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
        5⤵
        
        PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62276.exe
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
      4⤵
      PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
      4⤵
      PID:14632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
      4⤵
      PID:8396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
    3⤵
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        5⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        5⤵
        
        PID:15628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
      4⤵
      PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56382.exe
      4⤵
      PID:16836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe
    3⤵
    PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
      4⤵
      PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
    3⤵
    PID:9280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
    3⤵
    PID:13868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe
    3⤵
    PID:16880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
    3⤵
    PID:2812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47164.exe
    3⤵
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
      4⤵
      PID:232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
        5⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        5⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        5⤵
        
        PID:15300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58539.exe
      4⤵
      PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
      4⤵
      PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
      4⤵
      PID:14668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
    3⤵
    PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
      4⤵
      PID:15192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
    3⤵
    PID:8376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
    3⤵
    PID:15012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:17452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
    3⤵
    PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
      4⤵
      PID:10592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
      4⤵
      PID:17280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
    3⤵
    PID:8940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
    3⤵
    PID:12352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
    3⤵
    PID:16956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
    3⤵
    PID:7252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
    3⤵
    PID:12636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
    3⤵
    PID:17264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
  2⤵
  PID:9300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
  2⤵
  PID:13876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13246.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13246.exe
  2⤵
  PID:17120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
  2⤵
  PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2420 -ip 2420
1⤵
PID:5632

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe

Filesize
468KB

MD5
5e928e14cf080aa4e25f015344850491

SHA1
260a89ab6c246f8d0a4206a82a5c903804dde3c8

SHA256
b7f630287c218a2d9a5d0c20cfd0d51b39486ed7396bb21920f8076a9e39baef

SHA512
53440ca81441baa6e62e502f570aa7309df1cd40eb64e48e800d4af619199053bafa18044ee41946f61d904a855ea2ee6d52facc61ccc27fe63e6f1d549271ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe

Filesize
468KB

MD5
b31c2002c203c90a9fb7fa13ab3de380

SHA1
ade2863950c7136a9135c1b44a10addfb9b73e7f

SHA256
5f3235dda007fd201144bce52f5b6792746a97125f81ca88000e806df51baf9d

SHA512
7363b13054128fa2f70480a3557d5f7704af33fb8ed0d5e38fdcb62bfc513f83a50f97163e579c998085a8200cd60925a56f0d205692c91e675b350d831d1465

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe

Filesize
468KB

MD5
c19a425e03f90a6b33fe23db7e13575d

SHA1
2841f8770b5bbcd6513ad408b60f502cdfcc3328

SHA256
a22d764f7a3ee2bdb41ece4e65ca54eae5c162e1b2dc1a1cd30ee0bb6f977480

SHA512
d2b7bd364d80a648a63da95adf11246bb909315df6217764e7b67b3ad0f66dde9e73606c6a44fa102fbd0c88775030e0a6a02fac5b76b010732b6249438308c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe

Filesize
468KB

MD5
00af06ddc16d8b6686bbea67e06a7fa4

SHA1
ffea343f197e2f83cf40d2f4161c2a7f9b43bbd3

SHA256
263117e0bcac24af3543a7712b771f7cf13aa04d19ff28d5ea7818ba84f1ca46

SHA512
2136c5f5fd3210a2198de7d13fbf84a68ca227f9ee51a79cb0cc22f0bac981103467454aecba5af987cbcaff284bc9fd908e7c33e2410eff7950b7b1f1bd0d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17617.exe

Filesize
468KB

MD5
eef874ef1e330d8b78bb2232217e9526

SHA1
cfe92c923eaff3aaa016270a85f9e8666cf1823b

SHA256
b6793d1cb76402ff61db79a80e992dd42a4bed2372581339d284e33a04f4eb58

SHA512
d4f132ac3da7b8f1b5fe1609c516227c400416f882a1a0b040e37304df661ef559facbd9d911e8e143d1797d02dfe1f8635e610a90cdeac55f54de56f593990c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe

Filesize
468KB

MD5
e1e2cde6358b7090cdc3bf6acdf33d3d

SHA1
4af16b28c84dd95407af3419825e55e60e4ebcf7

SHA256
94f2e445595f024d78fc3f7cc8a266f5473f75852e2d29a4f5822216956cc6ad

SHA512
4876bda7d21f4b5cb0a7ee027623d695b6a6f1ed7ac0fd56ca2543fe4c34bf3d57123020942f5cc9e5ec1522fea608cdbd790bd5ff41d0adc1479043340addde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe

Filesize
468KB

MD5
c7a86e2e86d319ee99440a5ced277f7b

SHA1
6c7744c892aaac943345e7dc0f35f880651e7902

SHA256
eb851059b5da1d4d967a704588ea9f9e2b1a87f9f37726571d27f534a0cddd6a

SHA512
1a1044d8d89e42e879c0cac3c38bd65407f96b4a83ccd134e2dde8b5da3dafba490425a85f185e19e653da8cb215d51ea35147ffa83cdc331ceed7a6710e116a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe

Filesize
468KB

MD5
1f5a21ee4cff4a58edb0cd9c7525a221

SHA1
8f59098939160efd8ced765735d0d980fd421a48

SHA256
ee0b803c55bdbadb1c17481d16ddf9c5c2a5306b291aa8862ed9ca9517f46a13

SHA512
355258325669da3d366b4b0993b05fc186ba49c33b7b7d5e1cb37fd7b25e7900eacb6c6191894990e9e44d06e896e5b1ffa983675358b2863eecc18e3cbd8db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe

Filesize
468KB

MD5
40f20eb2551f625729158d6c58f483a5

SHA1
357354fa037fc7c8639f5ef66861062efe74e11b

SHA256
b7b36c051c1c4fb3a21bdd6ed21d9987c6316db7365fcae3321f8ac203ab94ff

SHA512
66c9106896d4fa9bcf96cbb9a372b4befd07dedf0c97eaab671cf586d06fe225238bcec027abe8740956520d29f5eaf6cc87a902c6b73f9b21f50b5c7c00e55d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe

Filesize
468KB

MD5
2a0a4c478cc8075bbd545870bc93522f

SHA1
23e51befb64bb704d45ff2409d169145f51bf275

SHA256
a3166df82437ff8fc3b6dfa02ca41648ed1a2a1c494d9a58d6141876498829fe

SHA512
4fb52acba7ab444b1799cc64c111657533e7fe6b0c9c7ee1dce63354f516c637912ab96798bbc94639f81414046b05ff694c68dd46acedbc014c10d1b5d0034a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe

Filesize
468KB

MD5
c929d61093543762286ae7c548a27b19

SHA1
edd76c2c5ca1283104dd161b75fd4e7bfeaf2089

SHA256
c763a4aa14b5f54adb9ba16a6ccb6c559983be1af348f3e3e2b39278322fccc3

SHA512
01feab5e6b8852fee4b317c326cab1f47c7a395a84078440b301fca5f7349968c39ceae698f5717eb49c267b9171daacb10a2765ef478025f0f8c55c8b6f0595

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe

Filesize
468KB

MD5
f4dbd1dfaefb79719577a667169f713e

SHA1
78f4cf70101c57514e7d69a85d6e2bbe948c5087

SHA256
f64a882ef5c650d82aca89d03beb95f2c02af3b24b1221d8c830492b0eb09270

SHA512
f8ca3cecefeb272e2c2783ddcbeea8a560ccd356f4b1c85048eac654d9ee8c4af9b9f504e20fb0debc7d11324c1ff561d9627a2171339ab37359a82decf8e763

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe

Filesize
468KB

MD5
e5d2a48cde57685477dce71650aac3b0

SHA1
b513839a8b0634522cf0bb16248d45f6b4e8e5eb

SHA256
8fc1633eb45477589b18f74fd14b8524f9ce26d1472ab765662bfc0934d368c2

SHA512
18bd5fa266e79eaa7afa3328c6d9693432b81a347d8bcc959cd9b98b1148bc670fb553933438fc35162d46066182ac85f0ed90467f04abf65dafcf269a17ef75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe

Filesize
468KB

MD5
def2e92aafd3daae159afee162f42a52

SHA1
ddb7112ec66273f7bb3a2ff08fd4d3c7df6509da

SHA256
ba654c7f14f79fb582d4427167f8e546ab8f01ee5e8f440c6756a403a151fe9a

SHA512
5454d4c66b6ca17d97fed8aa35ccac15dcd722f92d055dc99cf76f499fce1a63792ca44d9396bb0eb0ababcef607cc5b119e57a155d31903fdbf9df4f5204700

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe

Filesize
468KB

MD5
770b2f8ca0587290fcf6b5c5a6962cfa

SHA1
9c9892097d1d61a1e395cd34b49623b19f6351c3

SHA256
202283aeb2dd25fc8d71c8cdbf9ba2c8740870e965419c67182fda2f591ff28c

SHA512
f15d9782dbbb66e79f754e588b2a8e978e4ad06ad60e048e43e35ee149323a40e4cd0acf90ab83799050ae83cba3a1de79e26be88e7596d687db01426e66629a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe

Filesize
468KB

MD5
d47b1d375aa3a679a4e3766b26adb700

SHA1
90629d82022d2a31e85b54cbd4851a1353cea015

SHA256
7f0efc1852cd6c696ec2a9d0e27096e555b88291fc2466d11fe2224e828120d1

SHA512
73d8d5d1e880d91dffaf1a09daf654d3de887f633cb2ebd9d57cf215a4970a066d390215b65ed3a099661668ee181a6c2f4a9a12e75b64599a852a913d417c61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42829.exe

Filesize
468KB

MD5
33ac27172287b628ff9f93af5524ec7c

SHA1
03d6b2aba26ec747764599e6f052af8933f1d6bf

SHA256
80a08019361507555edb544c30c421f66e491c7261a696cf63b89fd00d751f45

SHA512
cb80565ab6713ba41623e5e45432d9c5a6415f2f5714d9c54cdcbd6e470e9f1bb3e939bff68abb5797804224a281dae009471aaeba1d0b0183fccdd949bf96e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe

Filesize
468KB

MD5
804681d9eb579eb0976b5f94dbef6fac

SHA1
80cf368fd8ccbc6017950dc891fb9b378427870c

SHA256
0e0b9a0d5cb5a61f077d2ab94101f435a9834261d5e45cf0850cce1df2a746ed

SHA512
ebdd6ca668f2a6efdac4f6a3c30ae74c00fc144e6c51585fd4482a103b82d611ea54ed3c1dce0d49bc1ddc5ac0ff6360f2cc0ffd948ea0f079a58ca889eff460

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe

Filesize
468KB

MD5
c1799f1755b0bef774698764fc583a5e

SHA1
5a1355bca9910985452e070dbb2011f6b7b4f8a0

SHA256
7dd732665c22285760e32532022f75e6be83dd75a33b5ffed4e8429bc1d54c35

SHA512
bd13f0062e1d675d6b2562d1101f8e68e59a5162ae137aa11bc6d7359e3d03a0d5bfb96e956fdc3ef9f6afaa72137b8e8a5df6dbf3edea04602e50f2f036c7a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe

Filesize
468KB

MD5
23135dcb4affc219eefc92f4905e35c9

SHA1
30fa7f189f229eed1d9d1104db4b93a42725d326

SHA256
2bfbbc7db00e92797aee27a1d65e59ae5da6750382aa4816e21ef02c532ca14a

SHA512
f4e548ddae11e55ff2cfa26fc2a46cc6178b481403bd6dd3b42b999aee8dc888baaa749b3a091b992c14fe807b8bbebb3fe1b2fd4a4d60421aed3e509c93d6f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe

Filesize
468KB

MD5
e67e0305b786d977b06de0d658d91afc

SHA1
41286d0e63975ff7d374090331f0f9c4fda458a8

SHA256
98bffc022eba051d916b8b30e6465bd6d6ccf520971960501fc12d516c210903

SHA512
55874e69a395d7c21f30767b7cef7ace0757fa25f3fde2c87c834bc6c9d5f26491d9cb6fd9d92344d26332c2453b4fde7379882f6628322459dc59c0af5686ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe

Filesize
468KB

MD5
d4ce60b63da2e3369b855a34b7f32496

SHA1
b0510b982e05cc28c3fe0fbb75f93ad0aaa033ee

SHA256
3fc685329612b4b9b61d551e9b56b5e9823acd4b8ec846d059f67db62a2dea40

SHA512
b0224ba0219bd375d093d9c2c812a00d3ea00a1c42650dcf2e32385b908e727fe5f3193f1f5236ee4f1c0c4a4427b39702665acd63fcf3fe27e1e8de46721efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe

Filesize
468KB

MD5
8b17ef3fdc2d954b25af4b29b33b39e5

SHA1
ca8836c5f9f6d1423d2bf600e8460c5c02e277bd

SHA256
7254f4564c45784cd3d7f959cdd1a6dbf075136a09dff7d3ff53c868b26eece0

SHA512
9591d6f8c0654f9fb6ac93d4cb9ef4e9e78d8af9da748cfdcb6aa08c5e95815bcd42b673e2129c2fc81e7cb1ee225bad1a06acc1a910986c494cfd84894633b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50555.exe

Filesize
468KB

MD5
93ab90654bd6e82388e2162b9225bebb

SHA1
712cc6af9178044dd21c661173cc66bae007783c

SHA256
ac9a11bc92382e3cc76652051b270f3f41fbfee1537076cfde07bdb2f60ce191

SHA512
97b1a5ec4f87c7bb8f79aae22d956b148fa744ece63f15ddf31580e45444f715d7a148cdac5c0af759e0094aa4f4b5eefb51ced5a5b0da5416037a033c522ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe

Filesize
468KB

MD5
4d74f585a810be6b4dc4eedcd14d5ddf

SHA1
3e0304ab6ac42e190e4b505f2ffbfeb0a77922ab

SHA256
91fd1c6621efe9b43b56a21041e33c59b3816bc318e3d887be2b8217134ca182

SHA512
0c2d7011ecc8d54c857cbdd41b91bb34340dfc14494dbf53349e82181817f9ca3e2f8596645b685ca89854560e26da9ef39ac1059f637da217c0a718580be495

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe

Filesize
468KB

MD5
915e6316137722889e20e703b8078338

SHA1
7afc9f568d1417c12edc2d4a0042583d0b59142a

SHA256
c06524e41f939c01dc57d798851e83e1ba27a8c5fbfebe25ece62a727a1af040

SHA512
f60e702872ee05ec25d26dcbbd3e0396c385e34e7f0a59c42e2e56165b3583159d4848a235ba8fa73e147fd8da3fbc8a7098423414a7677b9fcbc2795a69c33b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54639.exe

Filesize
468KB

MD5
b8cdc1ce6d2918c3e26df0b1d0f27c1a

SHA1
c5de437e4737759d2236e6cbc55b5f21d383a688

SHA256
e8e495b349e0ac98386a3831c93b0748f34346809c46c7dd2cad25e2a8cd7735

SHA512
f57a110614b7ad18000a88506ad27d5308af8e372d84ac0c34ebd692768023c93bf42b39462ee1c7ce1bf0929f08cd431ecd8b0906fd235bac9830c14768f24a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe

Filesize
468KB

MD5
001e62c83d2e92772c8a00d87b9a94b8

SHA1
2ea863aa1aeb3ea656b0a49d10cd3ab90cc57516

SHA256
e596b93bd48b85d5f3bb9f8f6926e6e02f3a7c23a7a710c0a762fa79bff49717

SHA512
660ca67a637ff8e086cb07d4a3fe9d551183e96b0775de9a53995a99105ccf07e8a29b95fa3dd172882ab6e3a5c6de55f09f99769aa8dbd22945736d4b88f30d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe

Filesize
468KB

MD5
8b8773bb512f55c28537c3cd585086e4

SHA1
45b4c25ac708079674db14037f1c918e0fb058d8

SHA256
35331e09b9fc1826059b92016cf8a813c630d7f6adc8baa34abb3129366fbc82

SHA512
2221b173399813377d357f218f8ce00c2dd39c6d78b4b3ece548ddd4389a3bdb906f42091a1afd716e6dbdf547b81d59addcd481ccc0dbd1404aaad7ca729d54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63064.exe

Filesize
468KB

MD5
7d06dd9750d93e76d09cc90cb44ff56b

SHA1
84f35359e522cc9da35d09f509067a62f5267fae

SHA256
e0216ae1f2544095abadb545701b82f575b2c7815210e5e4dbda085c55fc8efa

SHA512
f55fbe1eb1feab15882962b3de18950834239a77485b4d933325e7b91a357173e6208d9a07e17a49ad575ffdf76195e7b240bed933ffc2578b7bcda5066bbbdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe

Filesize
468KB

MD5
70312f4d7b6d44e29df8fc84c5530682

SHA1
4e1a5ba5d5719b75670fb62e4db483cd2efd7b03

SHA256
d34834b83cf4d9b576cae9655554f2c9ab741d56b49a83972688ace092f2db63

SHA512
6daa7e56f73a556fc53ad72e6e6921ba33fb8ef8493db18d15824b62fca5abb4215042b2084767e56fa24cd2d5bc0fa8f39e5b445730f413c3d1b502484d3ffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe

Filesize
468KB

MD5
3f2aacdc4fa873dda4e7dea1c8c70994

SHA1
dd0eb3a71dc70515061026967e4cef70caf7c524

SHA256
6626f12a74baeb5faa02b8bf5d33f1a0c05456a297a1793b08c8c400cca8ac48

SHA512
079277d8ded67757c091b83b0ef8d82acf3abe7ad1eda6063b8fa7f0decffba3dba975c2506a423c70689651cd763a7814408e1006d7315632985a26b8b01b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe

Filesize
468KB

MD5
491bab6791483d740f3104fd5079a4b2

SHA1
7b59f4fa41273870bcafd0e715c1061c2c1b5ff8

SHA256
84737478de5f68fb8b943fdcee20e3e025bd31c5b5f1c079cf692631bb1b3cf2

SHA512
617eba1d625602f269f770091d9b8962fc87853172f2795174dbb4ebc502556803ec2a4ec793d851443be5aa268e86e25fb5aa9f50dea1202a3f41e928029c2e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads