02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358d

Analysis

max time kernel
117s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe
Size

468KB
MD5

2fba471de991e1d7474e0565e35e2740
SHA1

24bffdcb5913596d5f9f601cb7fdc7e8a8a7ce61
SHA256

02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358d
SHA512

9ca7faeff919a6c4ef7797f863ab4d02f8c668f43f2160067b810350beaf33b2614671bd12abe83fa88d3888467d893d880657a5d51e9341819fec2aa8fb5614
SSDEEP

3072:dRmnogBRj28U2bYcPz4yqf8/0Dhj5Ip9vpHGvTK+868jm3KeEglR:dRWoiXU27PMyqfP0SV86OQKeE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1112	Unicorn-44310.exe
3560	Unicorn-58674.exe
4912	Unicorn-38808.exe
3404	Unicorn-25338.exe
2600	Unicorn-13085.exe
228	Unicorn-6955.exe
2464	Unicorn-21808.exe
3680	Unicorn-55846.exe
772	Unicorn-15368.exe
1472	Unicorn-14548.exe
680	Unicorn-14813.exe
1116	Unicorn-52317.exe
2176	Unicorn-515.exe
3412	Unicorn-50501.exe
3932	Unicorn-63158.exe
1652	Unicorn-26764.exe
4992	Unicorn-30294.exe
736	Unicorn-47974.exe
2576	Unicorn-41844.exe
4516	Unicorn-35722.exe
2716	Unicorn-35457.exe
3856	Unicorn-23278.exe
5012	Unicorn-13063.exe
2944	Unicorn-3412.exe
448	Unicorn-55380.exe
4452	Unicorn-1003.exe
3116	Unicorn-24814.exe
4668	Unicorn-10515.exe
3844	Unicorn-26328.exe
64	Unicorn-21498.exe
4872	Unicorn-17222.exe
676	Unicorn-34112.exe
4316	Unicorn-36748.exe
2680	Unicorn-21882.exe
4332	Unicorn-1196.exe
4060	Unicorn-58638.exe
220	Unicorn-46386.exe
1508	Unicorn-9992.exe
396	Unicorn-63277.exe
796	Unicorn-17606.exe
4036	Unicorn-47694.exe
3308	Unicorn-63261.exe
2768	Unicorn-23190.exe
2392	Unicorn-10745.exe
4704	Unicorn-2577.exe
1840	Unicorn-35250.exe
3656	Unicorn-63838.exe
2776	Unicorn-49540.exe
3660	Unicorn-35804.exe
1752	Unicorn-42961.exe
2764	Unicorn-19276.exe
1400	Unicorn-22043.exe
3272	Unicorn-14445.exe
244	Unicorn-1928.exe
2672	Unicorn-34601.exe
1108	Unicorn-43034.exe
4728	Unicorn-27252.exe
1420	Unicorn-7237.exe
4364	Unicorn-60522.exe
4976	Unicorn-7792.exe
184	Unicorn-17443.exe
3444	Unicorn-35634.exe
3712	Unicorn-64777.exe
5048	Unicorn-4807.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
5304	396	WerFault.exe	127
15660	5444	WerFault.exe	326
14576	15212	WerFault.exe	711

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64084.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15420	dwm.exe
Token: SeChangeNotifyPrivilege	15420	dwm.exe
Token: 33	15420	dwm.exe
Token: SeIncBasePriorityPrivilege	15420	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe
1112	Unicorn-44310.exe
4912	Unicorn-38808.exe
3560	Unicorn-58674.exe
2600	Unicorn-13085.exe
3404	Unicorn-25338.exe
228	Unicorn-6955.exe
2464	Unicorn-21808.exe
3680	Unicorn-55846.exe
772	Unicorn-15368.exe
2176	Unicorn-515.exe
1472	Unicorn-14548.exe
1116	Unicorn-52317.exe
680	Unicorn-14813.exe
3412	Unicorn-50501.exe
3932	Unicorn-63158.exe
1652	Unicorn-26764.exe
4992	Unicorn-30294.exe
2576	Unicorn-41844.exe
736	Unicorn-47974.exe
2716	Unicorn-35457.exe
3856	Unicorn-23278.exe
4516	Unicorn-35722.exe
448	Unicorn-55380.exe
5012	Unicorn-13063.exe
2944	Unicorn-3412.exe
4452	Unicorn-1003.exe
3116	Unicorn-24814.exe
4668	Unicorn-10515.exe
3844	Unicorn-26328.exe
64	Unicorn-21498.exe
4872	Unicorn-17222.exe
676	Unicorn-34112.exe
4316	Unicorn-36748.exe
2680	Unicorn-21882.exe
4332	Unicorn-1196.exe
4060	Unicorn-58638.exe
220	Unicorn-46386.exe
1508	Unicorn-9992.exe
796	Unicorn-17606.exe
396	Unicorn-63277.exe
4036	Unicorn-47694.exe
2768	Unicorn-23190.exe
4704	Unicorn-2577.exe
2392	Unicorn-10745.exe
3656	Unicorn-63838.exe
2776	Unicorn-49540.exe
3660	Unicorn-35804.exe
3308	Unicorn-63261.exe
1840	Unicorn-35250.exe
244	Unicorn-1928.exe
3272	Unicorn-14445.exe
1400	Unicorn-22043.exe
1752	Unicorn-42961.exe
4728	Unicorn-27252.exe
2764	Unicorn-19276.exe
1108	Unicorn-43034.exe
2672	Unicorn-34601.exe
3712	Unicorn-64777.exe
3444	Unicorn-35634.exe
5048	Unicorn-4807.exe
4976	Unicorn-7792.exe
184	Unicorn-17443.exe
1420	Unicorn-7237.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 1112	3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe	82
PID 3480 wrote to memory of 1112	3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe	82
PID 3480 wrote to memory of 1112	3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe	82
PID 1112 wrote to memory of 3560	1112	Unicorn-44310.exe	83
PID 1112 wrote to memory of 3560	1112	Unicorn-44310.exe	83
PID 1112 wrote to memory of 3560	1112	Unicorn-44310.exe	83
PID 3480 wrote to memory of 4912	3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe	84
PID 3480 wrote to memory of 4912	3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe	84
PID 3480 wrote to memory of 4912	3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe	84
PID 4912 wrote to memory of 3404	4912	Unicorn-38808.exe	89
PID 4912 wrote to memory of 3404	4912	Unicorn-38808.exe	89
PID 4912 wrote to memory of 3404	4912	Unicorn-38808.exe	89
PID 3480 wrote to memory of 228	3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe	90
PID 3480 wrote to memory of 228	3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe	90
PID 3480 wrote to memory of 228	3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe	90
PID 3560 wrote to memory of 2600	3560	Unicorn-58674.exe	91
PID 3560 wrote to memory of 2600	3560	Unicorn-58674.exe	91
PID 3560 wrote to memory of 2600	3560	Unicorn-58674.exe	91
PID 1112 wrote to memory of 2464	1112	Unicorn-44310.exe	92
PID 1112 wrote to memory of 2464	1112	Unicorn-44310.exe	92
PID 1112 wrote to memory of 2464	1112	Unicorn-44310.exe	92
PID 2600 wrote to memory of 3680	2600	Unicorn-13085.exe	94
PID 2600 wrote to memory of 3680	2600	Unicorn-13085.exe	94
PID 2600 wrote to memory of 3680	2600	Unicorn-13085.exe	94
PID 3560 wrote to memory of 772	3560	Unicorn-58674.exe	95
PID 3560 wrote to memory of 772	3560	Unicorn-58674.exe	95
PID 3560 wrote to memory of 772	3560	Unicorn-58674.exe	95
PID 3480 wrote to memory of 1472	3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe	96
PID 3480 wrote to memory of 1472	3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe	96
PID 3480 wrote to memory of 1472	3480	02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe	96
PID 228 wrote to memory of 680	228	Unicorn-6955.exe	97
PID 228 wrote to memory of 680	228	Unicorn-6955.exe	97
PID 228 wrote to memory of 680	228	Unicorn-6955.exe	97
PID 4912 wrote to memory of 1116	4912	Unicorn-38808.exe	98
PID 4912 wrote to memory of 1116	4912	Unicorn-38808.exe	98
PID 4912 wrote to memory of 1116	4912	Unicorn-38808.exe	98
PID 1112 wrote to memory of 2176	1112	Unicorn-44310.exe	99
PID 1112 wrote to memory of 2176	1112	Unicorn-44310.exe	99
PID 1112 wrote to memory of 2176	1112	Unicorn-44310.exe	99
PID 2464 wrote to memory of 3412	2464	Unicorn-21808.exe	102
PID 2464 wrote to memory of 3412	2464	Unicorn-21808.exe	102
PID 2464 wrote to memory of 3412	2464	Unicorn-21808.exe	102
PID 3680 wrote to memory of 3932	3680	Unicorn-55846.exe	103
PID 3680 wrote to memory of 3932	3680	Unicorn-55846.exe	103
PID 3680 wrote to memory of 3932	3680	Unicorn-55846.exe	103
PID 2600 wrote to memory of 1652	2600	Unicorn-13085.exe	104
PID 2600 wrote to memory of 1652	2600	Unicorn-13085.exe	104
PID 2600 wrote to memory of 1652	2600	Unicorn-13085.exe	104
PID 772 wrote to memory of 4992	772	Unicorn-15368.exe	105
PID 772 wrote to memory of 4992	772	Unicorn-15368.exe	105
PID 772 wrote to memory of 4992	772	Unicorn-15368.exe	105
PID 680 wrote to memory of 736	680	Unicorn-14813.exe	106
PID 680 wrote to memory of 736	680	Unicorn-14813.exe	106
PID 680 wrote to memory of 736	680	Unicorn-14813.exe	106
PID 3560 wrote to memory of 2576	3560	Unicorn-58674.exe	107
PID 3560 wrote to memory of 2576	3560	Unicorn-58674.exe	107
PID 3560 wrote to memory of 2576	3560	Unicorn-58674.exe	107
PID 1112 wrote to memory of 2716	1112	Unicorn-44310.exe	109
PID 1112 wrote to memory of 2716	1112	Unicorn-44310.exe	109
PID 1112 wrote to memory of 2716	1112	Unicorn-44310.exe	109
PID 1116 wrote to memory of 4516	1116	Unicorn-52317.exe	108
PID 1116 wrote to memory of 4516	1116	Unicorn-52317.exe	108
PID 1116 wrote to memory of 4516	1116	Unicorn-52317.exe	108
PID 1472 wrote to memory of 3856	1472	Unicorn-14548.exe	110

C:\Users\Admin\AppData\Local\Temp\02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe
"C:\Users\Admin\AppData\Local\Temp\02bd8155c3bd76cb6f27d865701a233183c109728fbcf3174415a0f88990358dN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44310.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44310.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13085.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
        8⤵
        Executes dropped EXE
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        9⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        10⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        10⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        10⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        10⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
        9⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
        9⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        9⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        9⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
        10⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
        10⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        10⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        9⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        9⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        8⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        8⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8633.exe
        9⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        10⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
        10⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        9⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        9⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62146.exe
        9⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
        9⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe
        9⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36292.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        8⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        8⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        8⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
        7⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
        7⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        9⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        11⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe
        11⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        10⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31754.exe
        10⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
        10⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
        9⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        9⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
        9⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28176.exe
        8⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        9⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
        9⤵
        
        PID:16668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7127.exe
        8⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15600.exe
        8⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
        8⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        8⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40502.exe
        9⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        9⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        9⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
        8⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
        8⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        8⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
        7⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        7⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
        7⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
        9⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        9⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        9⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        8⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
        8⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        8⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19274.exe
        8⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        7⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40395.exe
        7⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64518.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
        7⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        7⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        7⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
        6⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        6⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17222.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        9⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        9⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        9⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        8⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49128.exe
        8⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        8⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        8⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        7⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        7⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        7⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        7⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        8⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        9⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        8⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        8⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe
        8⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62193.exe
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        7⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26418.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        7⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        7⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65212.exe
        7⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45516.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe
        6⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
        6⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        8⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
        8⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        8⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
        8⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
        8⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5592.exe
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        7⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
        7⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26049.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
        7⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62471.exe
        7⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        6⤵
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        5⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26920.exe
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        7⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        8⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
        7⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        6⤵
        
        PID:15408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
        6⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        6⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        6⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
        5⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13859.exe
        5⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        5⤵
        
        PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        7⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6241.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        10⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        10⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
        10⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
        9⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        9⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        8⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        8⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60631.exe
        8⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17879.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
        8⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25246.exe
        8⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
        7⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        7⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17496.exe
        6⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9593.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        9⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        8⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
        7⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        7⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18250.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        7⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        7⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
        7⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        6⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-400.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
        6⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        8⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        8⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        7⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        7⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        7⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        6⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        6⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        6⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40666.exe
        7⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58552.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
        6⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
        6⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe
        5⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
        5⤵
        
        PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        6⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        8⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
        8⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41545.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        8⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
        8⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        8⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15679.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
        7⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        7⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
        7⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
        6⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
        6⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
        7⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        7⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        7⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63729.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        7⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 652
        7⤵
        Program crash
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        6⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        6⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        7⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        7⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        7⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58745.exe
        6⤵
        
        PID:14312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        6⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        5⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe
        5⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        5⤵
        
        PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        5⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49718.exe
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
        7⤵
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe
        7⤵
        
        PID:16840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
        6⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49128.exe
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        6⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26418.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        6⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
      4⤵
      PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6241.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        6⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58745.exe
        5⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        5⤵
        
        PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe
      4⤵
      PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
      4⤵
      PID:13928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
      4⤵
      PID:15916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14445.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18862.exe
        7⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe
        8⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        8⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        8⤵
        
        PID:16812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        7⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        7⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3454.exe
        7⤵
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        7⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        7⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        7⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        6⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        6⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
        6⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
        6⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        6⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        8⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64579.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        7⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
        7⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        7⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        6⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        6⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
        5⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46328.exe
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44748.exe
        5⤵
        
        PID:15212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15212 -s 464
        6⤵
        Program crash
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        5⤵
        
        PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43034.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52110.exe
        6⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5893.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        7⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        7⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
        7⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
        6⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
        7⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        7⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        7⤵
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29335.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        6⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        6⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62717.exe
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        6⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        7⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60151.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
        7⤵
        
        PID:17232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        6⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
        6⤵
        
        PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45804.exe
        5⤵
        
        PID:512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49504.exe
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        5⤵
        
        PID:16448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        7⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
        7⤵
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        6⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        5⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36292.exe
        5⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        6⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
        6⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        5⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        5⤵
        
        PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        5⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55965.exe
      4⤵
      PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19229.exe
      4⤵
      PID:11520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
      4⤵
      PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
      4⤵
      PID:8628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26328.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        7⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        6⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        7⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        7⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        6⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        6⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        6⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
        6⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
        6⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22974.exe
        6⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
        5⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        5⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
        5⤵
        
        PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52266.exe
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        7⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
        7⤵
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        6⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-743.exe
        5⤵
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        5⤵
        
        PID:15800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        5⤵
        
        PID:8364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
      4⤵
      PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46800.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56799.exe
        5⤵
        
        PID:17216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
      4⤵
      PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
      4⤵
      PID:15208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
      4⤵
      PID:15624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35250.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        6⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
        6⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        5⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
        5⤵
        
        PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42842.exe
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47671.exe
        6⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        5⤵
        
        PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26727.exe
      4⤵
      PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
        5⤵
        
        PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
        5⤵
        
        PID:7844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
      4⤵
      PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
      4⤵
      PID:13028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
      4⤵
      PID:5308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22043.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54046.exe
        5⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
        5⤵
        
        PID:7320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
      4⤵
      PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
      4⤵
      PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
      4⤵
      PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
      4⤵
      PID:15484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
    3⤵
    PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49306.exe
        5⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
      4⤵
      PID:13600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
      4⤵
      PID:8788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
    3⤵
    PID:7384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
    3⤵
    PID:10512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
    3⤵
    PID:14648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
    3⤵
    PID:7184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        6⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62930.exe
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        8⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
        8⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        8⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58081.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        7⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64518.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43228.exe
        7⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        7⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe
        6⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
        6⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
        6⤵
        
        PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        5⤵
        
        PID:8
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        5⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        5⤵
        
        PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        5⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27570.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        7⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
        7⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        6⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        6⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        6⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
        5⤵
        
        PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        5⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        5⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        5⤵
        
        PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        5⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        5⤵
        
        PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33857.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46734.exe
        5⤵
        
        PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
      4⤵
      PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
      4⤵
      PID:16504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46386.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        6⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
        8⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        7⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
        6⤵
        
        PID:9804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
        6⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
        7⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15891.exe
        6⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20096.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        5⤵
        
        PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63277.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 720
        5⤵
        Program crash
        
        PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        5⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
        5⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
        5⤵
        
        PID:15312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31843.exe
        5⤵
        
        PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
      4⤵
      PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
      4⤵
      PID:8492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
        5⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        6⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52318.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        8⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        8⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
        8⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        7⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        7⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59453.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        7⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65351.exe
        7⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
        6⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        6⤵
        
        PID:14584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        6⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        6⤵
        
        PID:15272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
        6⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3628.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22446.exe
        5⤵
        
        PID:15832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61584.exe
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        6⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe
        6⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        5⤵
        
        PID:13592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        5⤵
        
        PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
      4⤵
      PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
      4⤵
      PID:11440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
      4⤵
      PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45209.exe
      4⤵
      PID:15564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
      4⤵
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        5⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7598.exe
        5⤵
        
        PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
      4⤵
      PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
      4⤵
      PID:13992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
      4⤵
      PID:7584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
    3⤵
    PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
      4⤵
      PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
      4⤵
      PID:7448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
    3⤵
    PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
      4⤵
      PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
      4⤵
      PID:13032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
      4⤵
      PID:7440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62418.exe
    3⤵
    PID:9348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
    3⤵
    PID:14032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
    3⤵
    PID:9296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14813.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63786.exe
        6⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38042.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47030.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
        8⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
        8⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        8⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
        7⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17029.exe
        7⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        8⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        8⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        7⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        7⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        6⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37251.exe
        7⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        6⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        6⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
        7⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        6⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10282.exe
        6⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20096.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32112.exe
        5⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        5⤵
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        6⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        6⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        6⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62193.exe
        5⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
        6⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        6⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29335.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59365.exe
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        5⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        5⤵
        
        PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
      4⤵
      PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46328.exe
      4⤵
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8872.exe
      4⤵
      PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
      4⤵
      PID:17292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
        5⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        6⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        7⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41205.exe
        6⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        6⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        6⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        5⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
        6⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        5⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        5⤵
        
        PID:15412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29660.exe
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43228.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4947.exe
        5⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        5⤵
        
        PID:16396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
      4⤵
      PID:11312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
      4⤵
      PID:15252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15891.exe
      4⤵
      PID:15424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49540.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1860.exe
        6⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        5⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
      4⤵
      PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        5⤵
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
        5⤵
        
        PID:16576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
      4⤵
      PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
      4⤵
      PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
      4⤵
      PID:7608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57621.exe
    3⤵
    PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
      4⤵
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        5⤵
        
        PID:11344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
        5⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
        5⤵
        
        PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
      4⤵
      PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
      4⤵
      PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54283.exe
      4⤵
      PID:6820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
    3⤵
    PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
      4⤵
      PID:17008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32724.exe
    3⤵
    PID:9488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
    3⤵
    PID:14824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
    3⤵
    PID:8680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23278.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        7⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9990.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        7⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
        6⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        6⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
        6⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        6⤵
        
        PID:15784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        6⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        5⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40395.exe
        5⤵
        
        PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
      4⤵
      PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        6⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        5⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        5⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
        5⤵
        
        PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
      4⤵
      PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
      4⤵
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12681.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        6⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37364.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54724.exe
        5⤵
        
        PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
      4⤵
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8605.exe
        5⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64957.exe
        5⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        5⤵
        
        PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
      4⤵
      PID:13884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
      4⤵
      PID:9156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
    3⤵
    PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
      4⤵
      PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
      4⤵
      PID:11320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
      4⤵
      PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe
      4⤵
      PID:5592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
    3⤵
    PID:9040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
    3⤵
    PID:11960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
    3⤵
    PID:15300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
    3⤵
    PID:7772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55380.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55380.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52110.exe
      4⤵
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
        6⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        5⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        5⤵
        
        PID:12936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46800.exe
        5⤵
        
        PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56799.exe
        5⤵
        
        PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
      4⤵
      PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
      4⤵
      PID:12984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
      4⤵
      PID:6388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
    3⤵
    PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
      4⤵
      PID:9116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
      4⤵
      PID:15508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
      4⤵
      PID:840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
    3⤵
    PID:6924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
    3⤵
    PID:8068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29523.exe
    3⤵
    PID:6108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
    3⤵
    PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
      4⤵
      PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
      4⤵
      PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
      4⤵
      PID:6840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
    3⤵
    PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
      4⤵
      PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
      4⤵
      PID:13788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44910.exe
      4⤵
      PID:6220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
    3⤵
    PID:10408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
    3⤵
    PID:13656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
    3⤵
    PID:5788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
  2⤵
  PID:5832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
    3⤵
    PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
    3⤵
    PID:11228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
    3⤵
    PID:14788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
    3⤵
    PID:6360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
  2⤵
  PID:2748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
  2⤵
  PID:9652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
  2⤵
  PID:15340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
  2⤵
  PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 396 -ip 396
1⤵
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 15212 -ip 15212
1⤵
PID:14388

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe

Filesize
468KB

MD5
5aaa7f587f1dce94eb76fc26bb454f49

SHA1
2e3d0fc83ec65b139309413452c224f25b48fba0

SHA256
142afe6a0b42a3914e67e9d4aa396df0302f28d8b5661053ad14ef081ef5d6d2

SHA512
2222a5fa59d9b6a6203c09c03bc046987d6d5d56befc65321271d5cc4d6695d64f5531f41975c899437a35e1c6d2f354731a4ac06fe3040375793b2ef67e78db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe

Filesize
468KB

MD5
ba6e5460d208e972b97625f5c73c4b64

SHA1
11ec0b5f36f5631ce79df53b76b508fc3426a8fc

SHA256
79299b981922f34801d92ce01878405bc37a663cd7e05d43c598d8d81c188c2b

SHA512
51a72a84c248d7678aac444a39d2219a52773ce4f5211fc80a8dea628f72263bcda217ccbf07d1b6a8654a870eb3a0a32a1bfd3c0937e4a0841648f507d5da34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe

Filesize
468KB

MD5
c418362f33001bf523a3d992f4df3692

SHA1
51b6688d275190bb7fb9a1d12d27af71c678b75e

SHA256
95b6ac0c752746a748f7fa4428a3a8d6eb1b3e45f8125263de40a990ad4e6ba3

SHA512
8253e9eea5d6d6bebeb5ef3f8c0dca5a8ed579652296425157e5e0d29701dfc58a392137d9afdb5c3f84f354534d0b5a04dcd74e45132a394ab37ea4cf3ce710

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13085.exe

Filesize
468KB

MD5
1db0d5456ba24156dcc2777478d01805

SHA1
04ebeb7b26c7a110e5b92664632f8946a19ff004

SHA256
aa2acda41d90d2e83c9e78c55a2dc0307f45e788da803651e10a1d4b521541a1

SHA512
90d2cd924b6ee0ae1c465ba8d1e3b70f608d0c18a857046973948f56215d3bd53a1920f693952c86f51edf1c2989ee12f1f85ba9677506ae0aad704383185b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe

Filesize
468KB

MD5
dec7f8e1d2f016916ef365b0491a4bc9

SHA1
88480184e89e918fd2ce5b9d4e1dec2151e89cbb

SHA256
72e97c5733245ba8e563440a7b0776b38b3f7fe3f36db20aa620c633760086d3

SHA512
4c3a76263dee6d14e71ab0b26cd7c07acf6b13eaa73c34dffdef8af8e57d2d6a070027f3b83852caf48ed1e684ab501860763f1c85ab7eee6098694c90583caf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14813.exe

Filesize
468KB

MD5
deb513eb4985ec01b46b3b2c9413dcd5

SHA1
5be120f64b3d4cf67c810b6144051e58c560147e

SHA256
a4278368f12c7d84aa99b298779abbd77749389e773d2112d5fb61c505836109

SHA512
82599ae3469fd873bdabdff8182f4c13a3ca968438155c829b5a0d40ce3d679884ba28fd2d55a08bd000c19ada7265d94d79ab70068f5823ca3a9af23901bcb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe

Filesize
468KB

MD5
89c44d77a808ad50d479ec88d9a56904

SHA1
1e77c625df12c35b1f1ea1cd8032766e754da258

SHA256
5981d1b017c71178ab182e1123e41669ec1cd326750df482a0a71a826df93d28

SHA512
276655e0e238ed0490b8898bb475ea7a9f9be46a4f9fd211dfcb1b3555e0cc6ef40d7f28ea83f76ee0569e2f057e0285f23bff8f150e8c3447afe0d0721b48af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe

Filesize
468KB

MD5
6cbecc0e489c552e0556a9211972e5a1

SHA1
2b1ff5234e006f7fa8e0d0e8b055e0b7b0f1315e

SHA256
2a9a98a196b0de9179c464960a9cb821883eb002ae484343dbd0550b25939cf9

SHA512
fdef9fd3fb4479abba91176fac3104edb3f87862a34ffa25c989b7de6c80dd4859acfd04b624da737a12eeb5f25524f2e830a136d0e0789ffb6ec3f1ce563c8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe

Filesize
468KB

MD5
e4d475ced6c84dad9f75139a7285f8d7

SHA1
226ba462ddb93ec569d9f010a85da4a29dd165e5

SHA256
d2ee9bc85c5a2840b60b04dad2f5a6a02f5f5745a1d63d06e1c2f49a618ee8d0

SHA512
d46e3d83f966014f458fb0cb2d402ddbc529e508674d947b3b5b7798dbfcafef78744a6ea8cdeb65aaddb66d2ba2f8b358a1d20622573e438637d01e221f772a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23278.exe

Filesize
468KB

MD5
67382d7c5d21387925527bd586d494b4

SHA1
faa0c43ac8edd4b2b84c024c6b3597c2a51ab5ba

SHA256
b6d23cef85642fc98cdbbd766ab6cc3d61fefac67c1ef6ebf3ce5e80a4f20be2

SHA512
d8fde747989d72420aaa41f25d5a7de5162096bdd113c986d2b8253fb407cb9335c731042a25d9e17774a71cdf854718b4dea53e1001968c1c291d809203b2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe

Filesize
468KB

MD5
9272e263ff4d556265799a1dd4db83c5

SHA1
fb20a03f2a17bdc6384f3cbb65a786241d0e05e3

SHA256
66ba9d75d30a6f346b81f8fc7e4688a38b21ac323a0d7c4cd7503c243dea7860

SHA512
9d2dac72cd4638a4a9fbe2df6d0d63df18aeaebdfd318890a0cdb7ef784a966b36fa241a97d132c687e674a2904423ceb0b0783b27124aba571f212201d6d69f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe

Filesize
468KB

MD5
6b17679d924e0c3d5d41522d99759788

SHA1
69de980239ac9811baac8ede380129aba97f8059

SHA256
e73127b81f4f6ab7e48d3c115e89137b1a141ef868ce999d19838fa2a7241c62

SHA512
e6527f28e105822c96559fbd365b6f90e7c6f7666372853515387033cfaf43ea1479d567b3b7b576acdb786b96c9e4c9afe195d8ac38cfb98a1a99bdc9b89292

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26328.exe

Filesize
468KB

MD5
6ee8c9435bfea7aaaa4c0d8cdb4c5942

SHA1
4b081b8e54a264db52870a478272d6a448bd175d

SHA256
416d31c59eea210e442c459e1772b92b20fc90cb9f9335b6344031d92b30e87e

SHA512
56b9a841ac1946d6b1c8cd3dcd00008fc5742c242c11304c46b1ebd73d086dcd2e70b07cd88ae9b86e6691d73546a86ff5c9e6e349d286b2b436e8cc7b64f53f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe

Filesize
468KB

MD5
6d17cb8ebbfd991489fcec556a03152a

SHA1
fe68033908de1b5ae4b91fbd48a83c20a0ad1856

SHA256
ad2a834259c64d8f524e383b15df296e30a8658644eaef48e1cbfb2272095011

SHA512
ac9e21ab638de6d5ca24eb97abfeb367294ad88e399f31c947ddacabbfde35f794c31563daa74b5bd3e99b4b7887fd72adaab0bbc6a5fdd42bc9349ea61547d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe

Filesize
468KB

MD5
e3eb3afa3a9d033c42b27c600c920691

SHA1
2197b7acd1b623e5e11c01d69db1f954d9123095

SHA256
3f33ce70d3f5d030af7bfc590685bb15dd1cf64a71213679abfa13d1d54aef17

SHA512
2e7e77fb196b82582432ab2f2d513f56d5f4544561179531ef4b3cbaea4fc859c8eac2358939f09cc2458966785622cc25ba1709d2ee7169714c513648e6306c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe

Filesize
468KB

MD5
1367a505be490bc666d59d817cece442

SHA1
b9017c25116021095c75cabca21ed2dc75f50227

SHA256
71baa2cd70cbb2e19b1f7886d103f9fe9f48deb6eb0d3e22a1ef563a42bb3337

SHA512
bba0fe51ca906a64ae1a8e46f0a3438b718485bee3f5eb4f481e3584500c39e527b7cc10b3907c7018f833cd941ab9adc4df8a168fbb9b5356ea093c649f6041

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe

Filesize
468KB

MD5
11553eacee0918d8bacb4873f43cf1e0

SHA1
951455aedf9eb0f1bb12aa48a204c7cac51dcd1a

SHA256
522cd37af1a2ba3b827092e6a53440eab498a66bbebf4093afbe129e98aa395c

SHA512
fdf195d72273880b2f2e4b4033549e09dd9a047cb18b1fcfb1d20bb01bca39edb011ebd97421729a95702bb54681d043cb963d79a14dcc54be7024dd08aaa73e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe

Filesize
468KB

MD5
7563b9b4e795e8fde553a9f18b4c76e9

SHA1
228d0872b247881e0280621193464c61f27eca33

SHA256
30af8fa354b85ea163535b1bb153cc8076b65bc90009b29eaa4abdf1c3861b76

SHA512
78c015ee380b49f422c9662f8ff05fcd7d82646705f82463dc1ec41bd135969f5c4e498aef1850030c8e8fea13d6b7684792774d9907e50aef8595eb2d0441c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe

Filesize
468KB

MD5
bf3d91dc1a4eec2a831de4427bec1150

SHA1
04f36c392d2ceef1403bdfa3f6ad4dd9b1d78f98

SHA256
f39f92de2ac2f9681a2cd25d9a59271798b77c11d990fd2ed17cf7a2cb228a8d

SHA512
eeccd30b8d228f3aa2527e61248417fb20751d0b0a5c6f93e99b5c833df471d2e3e92a8613b088ecef48f6179366fd11425e58a2fc2d8d971667a560c52032a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe

Filesize
468KB

MD5
49780025f71d9b5ba2ba5a3fa549e16f

SHA1
888c2a1992855c1c0e09501aea5f679b6305e391

SHA256
7f2429afa1008f18fcedc83a01d36b010f0bceec410cc53e39ad8e1a1b5f76f7

SHA512
a8b890015bd43e1d2c9d35d96a8eebdbd430d2cbbaded2afb502b40bc2cc99c6fa3e1656f57eb09596ecb869e6084dfb989a79af263039a3f2f7a5bcd7d2886f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44310.exe

Filesize
468KB

MD5
23db40c00617af830ce3230dc6a65060

SHA1
3a5312341f529be37fda7d77079a4adb81256dd3

SHA256
2158d7c70c692d2261359eeec5d27c8d1356602ec7a38a8c6bf67982c8ff7ee4

SHA512
a82f31084b263ffeca7d4359c6e7ac6b8bd17cb353027e71d87823037b64be2eba7cbbe398a2c243757d5a45145545c4efbcdf6048758f354a048abe23e9b5f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe

Filesize
468KB

MD5
15b1eda59107d6a341416f4575fb77eb

SHA1
10cff2b89e914f1ed0822746adb4068d5826a999

SHA256
fc45c85a4ab84e66a9bea44c900f7d98d332d23efa28c5cef2bfdfee390c4ae6

SHA512
a59bc26d2b1b2ec07d8c78e815abca88551e8394acae0f93bcbd4bb12424e83e782416a4effcbeb2fa50f75e76c85397b51b65cc59daa2661ec9bb9bbde025e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe

Filesize
468KB

MD5
eb2bbadb604875c3d45b0677b42753f3

SHA1
daf582d41dae957427443d5adadbaddcd3c7384a

SHA256
02e54a2d292b2ae0ad8f08bec5e1f5cf993452675ba8e66190960bea8bdc2f8b

SHA512
8da0940c272a830dac1269d8b253f3e9f706ba4d8cd4f6f8e7807a9a9d60f82912c2d66a40f7249c3a1061b3acc74165d07ee4a7c7d067671469f5868726df71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe

Filesize
468KB

MD5
53625fdc302d9002067a1d6bffda7b31

SHA1
9297380dffdcec0065856090b8a9519652bf9242

SHA256
3d3cf29a2cbccf081a72969336643a03049b4108b0f30737e9bf044dae48fcbe

SHA512
eccc458131d33d146a13f3b454a0e065916b423d309b3c38b2eb727e1d61256449c9d106d7907a28ef402c8548d4e72f24583005082043a9843611b4bc202bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe

Filesize
468KB

MD5
d5f50d9fd5827a1ce99f2f0c68f610cd

SHA1
dd685315bb0c913b32a10ac653daec70515ea93e

SHA256
27ca8cd2e75dd0b1ebdb293ce1ce8a6e982fd1ed8119df29b0fe674e6ef58515

SHA512
6416a4bd5c036ca3c5c0831695a86c5d08252acc23f84a170c6e765eccd970ed688ff5592d32b8ffc66cc0352a75b917db5e729ec9a6b94e149b92724bed7efe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55380.exe

Filesize
468KB

MD5
d059ca72615d21c955ea1bf7520d5de5

SHA1
25be6dbaf7668d72645c61ec3e73affdac4aded8

SHA256
9a23c952e6060f17c18af913295b936da7bbdda2188231f03f294a9cfb03b3c2

SHA512
20f9bf64ddcd7cda29acff165a71882e16c7623e824bc1ab7621eb71fe34d1ad52624a9560ead207951ef6484f5f07b0b9bbe1f5f4b7a6a1eac4c3f145a8bcf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe

Filesize
468KB

MD5
533364236d179e108b390278eb45ce02

SHA1
4583c6010e20f1f8f182c0ee3a169900fc6032ed

SHA256
aa20c1790a2e82a7ae8a08e19fd302cc983c1d29f20d95469633cc951133c9cc

SHA512
8810855c7d5d427e7b5ae56bc5728dfca557c97f0a0de5ef878cf461bbdde92e0e67d7477250912fe9ed9ffd1e0e73ad9d87bb20a61309965af2953f451d150a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe

Filesize
468KB

MD5
e1137f4a7b227fd54fce532082d6c80e

SHA1
dd5499a0f6b16217236bfbfe4d2021c0cff6647b

SHA256
be67dfef18dce9a5ad2f6b71a78498c84f18171ad67c9433d8bf0b4665757714

SHA512
0eb4203a360c85358366690824ca4663d99e2ae781892614eecb8d5cfa98adef3b6a85b27e626357c6e1ef575c25f79c257e4e2d6cc60008775227c18ad454ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe

Filesize
468KB

MD5
b4e4df3de4eab6aac6cb9eff0a2e94b1

SHA1
e71592c3ddd72e5c79c96d210df643dcce345a49

SHA256
ecef12662432c721de02f48ad36c4a36915022e0c13211412eef12da42ac5042

SHA512
805af5d632262738b3c1fba0562e86e12372a02f994abadcae3cfec4c30782f20a803596e0a0ef299ab71fd4cfb575e99a726c7e61bb3faa8f09a8d929a1e325

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe

Filesize
468KB

MD5
8c7e1e72f6248571241f1fd6450806de

SHA1
35272bbe6a86186cc737fe18642e7ceea4a67d62

SHA256
899437928c8d857e36b920e734f92fc492d52832b136077daad7ec2098673cb7

SHA512
33546f1e3dd3056ac4b3a4f34aa56b9ac4b273ec8da3f96eaafa7f9f71adf88299a9de8af86c356e56637792f5504843899a186cd4b30d1298d049c3d6682b8f

Download Submit
memory/64-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/184-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/220-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/228-38-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/244-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/396-264-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/448-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/652-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/676-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/680-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/736-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/772-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/796-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/820-449-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1108-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1112-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1116-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1344-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1400-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1412-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1420-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1472-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1512-487-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1576-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1652-122-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1752-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1800-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1840-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1876-468-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1944-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2176-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2292-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2392-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2464-49-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2576-2547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2576-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2600-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2672-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2716-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2764-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2768-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2776-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2944-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3116-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3236-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3272-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3308-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3392-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3404-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3412-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3424-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3444-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3480-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3488-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3560-16-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3656-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3660-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3680-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3712-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3844-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3856-155-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3932-110-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3932-2546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3984-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4036-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4060-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4316-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4332-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4364-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4424-463-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4440-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4452-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4516-154-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4560-448-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4668-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4704-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4728-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4872-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4912-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4976-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-123-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5008-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5012-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5048-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5136-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5164-492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5204-493-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-523-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5360-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5420-567-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5452-569-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5480-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5528-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5544-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads