618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe
Size

468KB
MD5

fcdebcffc5e6f59b203e8e90724ad7c8
SHA1

5e52f2bc71cc06e011ffeb3825c0068448b63754
SHA256

618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e
SHA512

f361ceef9b850ca398ac3418dfe49f08293cc95b48bd7a2e2d871b81307aa90bee5901e82467a45a7a172d98cd909e1811fcd66e441a96b3799de9405582972e
SSDEEP

3072:auGhogfxjg8U2bYZPUG8qf8/7C3jyIgZPwfI+V8PmxK+92rMt5Mo:auwogNU2aPL8qfQV33mx98rMt

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2856	Unicorn-58663.exe
3288	Unicorn-12560.exe
2064	Unicorn-19337.exe
3936	Unicorn-64823.exe
1940	Unicorn-40873.exe
4036	Unicorn-25929.exe
3008	Unicorn-19798.exe
3628	Unicorn-17543.exe
1700	Unicorn-17543.exe
4340	Unicorn-59130.exe
3380	Unicorn-13193.exe
4448	Unicorn-46686.exe
4508	Unicorn-60421.exe
1136	Unicorn-1014.exe
3748	Unicorn-47838.exe
988	Unicorn-51175.exe
3352	Unicorn-57952.exe
3476	Unicorn-8772.exe
536	Unicorn-22400.exe
3620	Unicorn-62057.exe
432	Unicorn-62057.exe
5040	Unicorn-64750.exe
4984	Unicorn-12948.exe
1884	Unicorn-19079.exe
3540	Unicorn-29193.exe
4148	Unicorn-55570.exe
2400	Unicorn-55835.exe
3100	Unicorn-9327.exe
816	Unicorn-23062.exe
4296	Unicorn-52519.exe
4740	Unicorn-11578.exe
4564	Unicorn-32483.exe
2936	Unicorn-59125.exe
8	Unicorn-50857.exe
4544	Unicorn-2311.exe
100	Unicorn-63017.exe
1064	Unicorn-52711.exe
460	Unicorn-52711.exe
2136	Unicorn-17085.exe
3316	Unicorn-51896.exe
2556	Unicorn-2140.exe
3640	Unicorn-38127.exe
4968	Unicorn-59509.exe
1688	Unicorn-39643.exe
3916	Unicorn-47257.exe
1608	Unicorn-58118.exe
2360	Unicorn-61190.exe
1488	Unicorn-23115.exe
3344	Unicorn-4086.exe
3264	Unicorn-47157.exe
1916	Unicorn-53287.exe
1472	Unicorn-40273.exe
336	Unicorn-48938.exe
3388	Unicorn-43073.exe
2428	Unicorn-53287.exe
1720	Unicorn-53287.exe
1256	Unicorn-53287.exe
4048	Unicorn-29337.exe
3532	Unicorn-63785.exe
2240	Unicorn-12373.exe
3644	Unicorn-55617.exe
3824	Unicorn-62394.exe
1392	Unicorn-8938.exe
60	Unicorn-50526.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
8800	13460	WerFault.exe	642
17676	18656	WerFault.exe	998

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25278.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16252	dwm.exe
Token: SeChangeNotifyPrivilege	16252	dwm.exe
Token: 33	16252	dwm.exe
Token: SeIncBasePriorityPrivilege	16252	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe
2856	Unicorn-58663.exe
3288	Unicorn-12560.exe
2064	Unicorn-19337.exe
3936	Unicorn-64823.exe
3008	Unicorn-19798.exe
1940	Unicorn-40873.exe
4036	Unicorn-25929.exe
3380	Unicorn-13193.exe
3628	Unicorn-17543.exe
1700	Unicorn-17543.exe
4340	Unicorn-59130.exe
1136	Unicorn-1014.exe
4508	Unicorn-60421.exe
4448	Unicorn-46686.exe
3748	Unicorn-47838.exe
988	Unicorn-51175.exe
3352	Unicorn-57952.exe
3476	Unicorn-8772.exe
536	Unicorn-22400.exe
432	Unicorn-62057.exe
3620	Unicorn-62057.exe
5040	Unicorn-64750.exe
4984	Unicorn-12948.exe
1884	Unicorn-19079.exe
4148	Unicorn-55570.exe
3540	Unicorn-29193.exe
3100	Unicorn-9327.exe
2400	Unicorn-55835.exe
816	Unicorn-23062.exe
4296	Unicorn-52519.exe
4740	Unicorn-11578.exe
4564	Unicorn-32483.exe
2936	Unicorn-59125.exe
8	Unicorn-50857.exe
4544	Unicorn-2311.exe
100	Unicorn-63017.exe
460	Unicorn-52711.exe
1064	Unicorn-52711.exe
2136	Unicorn-17085.exe
3316	Unicorn-51896.exe
2556	Unicorn-2140.exe
3640	Unicorn-38127.exe
4968	Unicorn-59509.exe
1688	Unicorn-39643.exe
3916	Unicorn-47257.exe
2360	Unicorn-61190.exe
3344	Unicorn-4086.exe
1608	Unicorn-58118.exe
4048	Unicorn-29337.exe
1256	Unicorn-53287.exe
1720	Unicorn-53287.exe
2428	Unicorn-53287.exe
336	Unicorn-48938.exe
1472	Unicorn-40273.exe
1916	Unicorn-53287.exe
1488	Unicorn-23115.exe
3264	Unicorn-47157.exe
3388	Unicorn-43073.exe
2240	Unicorn-12373.exe
3532	Unicorn-63785.exe
3644	Unicorn-55617.exe
1392	Unicorn-8938.exe
1260	Unicorn-770.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 2856	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	82
PID 1028 wrote to memory of 2856	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	82
PID 1028 wrote to memory of 2856	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	82
PID 2856 wrote to memory of 3288	2856	Unicorn-58663.exe	83
PID 2856 wrote to memory of 3288	2856	Unicorn-58663.exe	83
PID 2856 wrote to memory of 3288	2856	Unicorn-58663.exe	83
PID 1028 wrote to memory of 2064	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	84
PID 1028 wrote to memory of 2064	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	84
PID 1028 wrote to memory of 2064	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	84
PID 3288 wrote to memory of 3936	3288	Unicorn-12560.exe	89
PID 3288 wrote to memory of 3936	3288	Unicorn-12560.exe	89
PID 3288 wrote to memory of 3936	3288	Unicorn-12560.exe	89
PID 2856 wrote to memory of 1940	2856	Unicorn-58663.exe	90
PID 2856 wrote to memory of 1940	2856	Unicorn-58663.exe	90
PID 2856 wrote to memory of 1940	2856	Unicorn-58663.exe	90
PID 2064 wrote to memory of 4036	2064	Unicorn-19337.exe	92
PID 2064 wrote to memory of 4036	2064	Unicorn-19337.exe	92
PID 2064 wrote to memory of 4036	2064	Unicorn-19337.exe	92
PID 1028 wrote to memory of 3008	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	91
PID 1028 wrote to memory of 3008	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	91
PID 1028 wrote to memory of 3008	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	91
PID 3008 wrote to memory of 1700	3008	Unicorn-19798.exe	95
PID 3008 wrote to memory of 1700	3008	Unicorn-19798.exe	95
PID 3008 wrote to memory of 1700	3008	Unicorn-19798.exe	95
PID 3936 wrote to memory of 3628	3936	Unicorn-64823.exe	94
PID 3936 wrote to memory of 3628	3936	Unicorn-64823.exe	94
PID 3936 wrote to memory of 3628	3936	Unicorn-64823.exe	94
PID 3288 wrote to memory of 4340	3288	Unicorn-12560.exe	96
PID 3288 wrote to memory of 4340	3288	Unicorn-12560.exe	96
PID 3288 wrote to memory of 4340	3288	Unicorn-12560.exe	96
PID 1028 wrote to memory of 3380	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	97
PID 1028 wrote to memory of 3380	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	97
PID 1028 wrote to memory of 3380	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	97
PID 2064 wrote to memory of 4448	2064	Unicorn-19337.exe	98
PID 2064 wrote to memory of 4448	2064	Unicorn-19337.exe	98
PID 2064 wrote to memory of 4448	2064	Unicorn-19337.exe	98
PID 2856 wrote to memory of 4508	2856	Unicorn-58663.exe	100
PID 2856 wrote to memory of 4508	2856	Unicorn-58663.exe	100
PID 2856 wrote to memory of 4508	2856	Unicorn-58663.exe	100
PID 1940 wrote to memory of 1136	1940	Unicorn-40873.exe	99
PID 1940 wrote to memory of 1136	1940	Unicorn-40873.exe	99
PID 1940 wrote to memory of 1136	1940	Unicorn-40873.exe	99
PID 4036 wrote to memory of 3748	4036	Unicorn-25929.exe	103
PID 4036 wrote to memory of 3748	4036	Unicorn-25929.exe	103
PID 4036 wrote to memory of 3748	4036	Unicorn-25929.exe	103
PID 3628 wrote to memory of 988	3628	Unicorn-17543.exe	104
PID 3628 wrote to memory of 988	3628	Unicorn-17543.exe	104
PID 3628 wrote to memory of 988	3628	Unicorn-17543.exe	104
PID 3936 wrote to memory of 3352	3936	Unicorn-64823.exe	105
PID 3936 wrote to memory of 3352	3936	Unicorn-64823.exe	105
PID 3936 wrote to memory of 3352	3936	Unicorn-64823.exe	105
PID 3380 wrote to memory of 3476	3380	Unicorn-13193.exe	106
PID 3380 wrote to memory of 3476	3380	Unicorn-13193.exe	106
PID 3380 wrote to memory of 3476	3380	Unicorn-13193.exe	106
PID 1028 wrote to memory of 536	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	107
PID 1028 wrote to memory of 536	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	107
PID 1028 wrote to memory of 536	1028	618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe	107
PID 4340 wrote to memory of 432	4340	Unicorn-59130.exe	109
PID 4340 wrote to memory of 432	4340	Unicorn-59130.exe	109
PID 4340 wrote to memory of 432	4340	Unicorn-59130.exe	109
PID 1700 wrote to memory of 3620	1700	Unicorn-17543.exe	108
PID 1700 wrote to memory of 3620	1700	Unicorn-17543.exe	108
PID 1700 wrote to memory of 3620	1700	Unicorn-17543.exe	108
PID 3008 wrote to memory of 5040	3008	Unicorn-19798.exe	110

C:\Users\Admin\AppData\Local\Temp\618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe
"C:\Users\Admin\AppData\Local\Temp\618cc26d80102abbf416408a16c5234cf9c242000d9275280b25c2b8ae63342e.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58663.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58663.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12560.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
        10⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
        11⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        11⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56450.exe
        10⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        9⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19274.exe
        9⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        9⤵
        
        PID:18212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49504.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        9⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        10⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        10⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        9⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        9⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
        8⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        9⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42817.exe
        9⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56216.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
        8⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        7⤵
        Executes dropped EXE
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        9⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        10⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        9⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        9⤵
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        8⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        8⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        8⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12476.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        8⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        9⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
        9⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        8⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        8⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        8⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        8⤵
        
        PID:14648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        7⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        7⤵
        
        PID:18316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        10⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        10⤵
        
        PID:17896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        9⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41091.exe
        8⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        8⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        8⤵
        
        PID:17476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        7⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        9⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        9⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        8⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        8⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        7⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58039.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe
        8⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        9⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        9⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        8⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29223.exe
        7⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        8⤵
        
        PID:18196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        7⤵
        
        PID:17748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
        8⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        8⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        7⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22478.exe
        6⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20919.exe
        7⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        7⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62142.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        6⤵
        
        PID:14732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
        6⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-770.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        9⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        9⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
        8⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        9⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        9⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        8⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        8⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
        8⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
        8⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        8⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        8⤵
        
        PID:17632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42959.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19833.exe
        7⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15715.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        8⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
        9⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
        8⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        8⤵
        
        PID:18496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        7⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        7⤵
        
        PID:17808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2170.exe
        6⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        7⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        8⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
        8⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
        7⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        7⤵
        
        PID:18132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        6⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
        6⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        6⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        8⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        9⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
        9⤵
        
        PID:15968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        8⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        8⤵
        
        PID:18364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        8⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        8⤵
        
        PID:18696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
        7⤵
        
        PID:16792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        8⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        8⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        7⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
        7⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        7⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        6⤵
        
        PID:17652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        8⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        8⤵
        
        PID:18304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        7⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
        7⤵
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41589.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        6⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        7⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        6⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
        5⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        5⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
        5⤵
        
        PID:18656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18656 -s 212
        6⤵
        Program crash
        
        PID:17676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59130.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        9⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25329.exe
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51546.exe
        8⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        8⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        8⤵
        
        PID:18520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
        7⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55150.exe
        6⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41907.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41531.exe
        9⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        9⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
        8⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        8⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        7⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        8⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        7⤵
        
        PID:18048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        7⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
        6⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe
        6⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        8⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        8⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        8⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
        7⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
        7⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        8⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        8⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        7⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8592.exe
        7⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        7⤵
        
        PID:18244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15932.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        6⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
        6⤵
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
        8⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        8⤵
        
        PID:17932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
        7⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        7⤵
        
        PID:18000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        6⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9066.exe
        7⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37392.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        6⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        7⤵
        
        PID:18252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
        6⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        6⤵
        
        PID:18024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15846.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
        5⤵
        
        PID:18056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10752.exe
        8⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        8⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        7⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30785.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        6⤵
        
        PID:18624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51645.exe
        7⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5598.exe
        7⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16698.exe
        6⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
        5⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1816.exe
        6⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        5⤵
        
        PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
        6⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        6⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
        5⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
        5⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        6⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        5⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39985.exe
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        5⤵
        
        PID:16072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
      4⤵
      PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
      4⤵
      PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55835.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        8⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        9⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        9⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        9⤵
        
        PID:18140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
        8⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        8⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        8⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        8⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        8⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
        7⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
        7⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        7⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        8⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        8⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
        7⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        7⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        6⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe
        6⤵
        
        PID:13628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        6⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        6⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        8⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        8⤵
        
        PID:17740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        7⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        7⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        6⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43093.exe
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        7⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        7⤵
        
        PID:17416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
        6⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51645.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38079.exe
        7⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        6⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        6⤵
        
        PID:12232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17390.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        5⤵
        
        PID:18064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
        6⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        7⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        9⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        9⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34214.exe
        8⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        7⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        7⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        7⤵
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        7⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39555.exe
        6⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22367.exe
        7⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        6⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        6⤵
        
        PID:18380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65221.exe
        5⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64299.exe
        6⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        7⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        6⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        6⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51738.exe
        5⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7267.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        6⤵
        
        PID:13840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        6⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
        5⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        5⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        5⤵
        
        PID:18100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22478.exe
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54084.exe
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
      4⤵
      PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
      4⤵
      PID:1800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
        9⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
        9⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
        8⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        8⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        8⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        8⤵
        
        PID:17776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13601.exe
        7⤵
        
        PID:16396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11053.exe
        7⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        7⤵
        
        PID:18600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
        6⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45563.exe
        7⤵
        
        PID:13460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13460 -s 460
        8⤵
        Program crash
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        7⤵
        
        PID:17552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        6⤵
        
        PID:15060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26150.exe
        6⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        7⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56450.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        6⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        5⤵
        
        PID:17816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
        5⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        6⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
        6⤵
        
        PID:13948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        5⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        6⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        6⤵
        
        PID:18236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
        5⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
        5⤵
        
        PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        5⤵
        
        PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
      4⤵
      PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
      4⤵
      PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
      4⤵
      PID:18372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        6⤵
        
        PID:15800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        5⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        5⤵
        
        PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31334.exe
      4⤵
      PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        5⤵
        
        PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-233.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        5⤵
        
        PID:17824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
      4⤵
      PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        5⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8349.exe
        5⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
        5⤵
        
        PID:15200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
      4⤵
      PID:7488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
      4⤵
      PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
      4⤵
      PID:17428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
    3⤵
    PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
      4⤵
      PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
      4⤵
      PID:15468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
    3⤵
    PID:7748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8066.exe
    3⤵
    PID:12036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25929.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        8⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        9⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        9⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        8⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41091.exe
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
        8⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        8⤵
        
        PID:17832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        7⤵
        
        PID:18088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        6⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        8⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        8⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49206.exe
        7⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18681.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        6⤵
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        5⤵
        Executes dropped EXE
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        8⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        8⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        8⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        7⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        7⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        6⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
        7⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        7⤵
        
        PID:17904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
        6⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        7⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64731.exe
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        6⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        5⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        5⤵
        
        PID:16484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
        6⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        8⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48385.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        7⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        7⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10862.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        6⤵
        
        PID:18008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
        7⤵
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
        6⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
        6⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15932.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        6⤵
        
        PID:18612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50275.exe
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        7⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
        5⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        5⤵
        
        PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        5⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        5⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        5⤵
        
        PID:16516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27323.exe
      4⤵
      PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16979.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17754.exe
      4⤵
      PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
      4⤵
      PID:13500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        6⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49717.exe
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
        9⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        8⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        8⤵
        
        PID:18584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        7⤵
        
        PID:18260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        7⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        8⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        8⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
        7⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        7⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        6⤵
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31334.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        6⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        6⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        6⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10889.exe
        5⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34619.exe
        6⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        6⤵
        
        PID:14716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        5⤵
        
        PID:18080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        5⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
        7⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
        7⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        7⤵
        
        PID:18356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
        6⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        6⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13648.exe
        7⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
        6⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24972.exe
        5⤵
        
        PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        5⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        6⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        5⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        5⤵
        
        PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16866.exe
      4⤵
      PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        5⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        5⤵
        
        PID:18228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
      4⤵
      PID:13548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
      4⤵
      PID:18072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        5⤵
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        7⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        7⤵
        
        PID:18116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        6⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        7⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        6⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62340.exe
        5⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
        5⤵
        
        PID:16556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        5⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        5⤵
        
        PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29035.exe
        5⤵
        
        PID:12888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        5⤵
        
        PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
      4⤵
      PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
      4⤵
      PID:3112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
      4⤵
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
        6⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        5⤵
        
        PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        5⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        6⤵
        
        PID:18148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
        5⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        5⤵
        
        PID:16152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47043.exe
      4⤵
      PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
      4⤵
      PID:13728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
      4⤵
      PID:17924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
    3⤵
    PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        5⤵
        
        PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
      4⤵
      PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
      4⤵
      PID:15432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
    3⤵
    PID:8320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
    3⤵
    PID:12336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
    3⤵
    PID:18664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
        6⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
        8⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5598.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62340.exe
        7⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
        7⤵
        
        PID:16348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        7⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        7⤵
        
        PID:17840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43185.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
        6⤵
        
        PID:13904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        6⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        5⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        7⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        7⤵
        
        PID:17768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        6⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31526.exe
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
        6⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        6⤵
        
        PID:18592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        5⤵
        
        PID:17644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36313.exe
        5⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        7⤵
        
        PID:15508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        6⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        6⤵
        
        PID:18040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        6⤵
        
        PID:18672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        5⤵
        
        PID:10328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        5⤵
        
        PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48385.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        5⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        5⤵
        
        PID:15684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
      4⤵
      PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        5⤵
        
        PID:15940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
      4⤵
      PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
      4⤵
      PID:11784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46380.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        7⤵
        
        PID:17724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        6⤵
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        5⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        6⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        6⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
        5⤵
        
        PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
      4⤵
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23249.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        6⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        6⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
        5⤵
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        5⤵
        
        PID:16116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        5⤵
        
        PID:17884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46118.exe
      4⤵
      PID:10360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
      4⤵
      PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2407.exe
      4⤵
      PID:16284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
        5⤵
        
        PID:15392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
      4⤵
      PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
      4⤵
      PID:14776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
      4⤵
      PID:18332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
      4⤵
      PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        5⤵
        
        PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
      4⤵
      PID:12304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
      4⤵
      PID:17732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
    3⤵
    PID:7508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
    3⤵
    PID:11680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
    3⤵
    PID:17532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        5⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
        7⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        8⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
        8⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        7⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        6⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        6⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe
        6⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        7⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
        5⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        5⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        5⤵
        
        PID:17980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
      4⤵
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8492.exe
        5⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
        6⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe
        5⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        5⤵
        
        PID:17716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51947.exe
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        5⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        6⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
        5⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        5⤵
        
        PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
      4⤵
      PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33918.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11151.exe
      4⤵
      PID:16320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
      4⤵
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65345.exe
        7⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
        7⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        6⤵
        
        PID:17868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        5⤵
        
        PID:13988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
        5⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        5⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
        5⤵
        
        PID:18684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
      4⤵
      PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
      4⤵
      PID:13808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
      4⤵
      PID:16164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7624.exe
    3⤵
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        5⤵
        
        PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
      4⤵
      PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
      4⤵
      PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
      4⤵
      PID:18348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
    3⤵
    PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
      4⤵
      PID:10140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
    3⤵
    PID:7896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
    3⤵
    PID:15492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22400.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22400.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
    3⤵
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        5⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        6⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        6⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        5⤵
        
        PID:13600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
      4⤵
      PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
      4⤵
      PID:13296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
      4⤵
      PID:17972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28812.exe
    3⤵
    PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
      4⤵
      PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        5⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        5⤵
        
        PID:15556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
      4⤵
      PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
      4⤵
      PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
    3⤵
    PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
      4⤵
      PID:12928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
      4⤵
      PID:18340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
    3⤵
    PID:12760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
    3⤵
    PID:17468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38127.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38127.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
    3⤵
    PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
        6⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
        5⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        5⤵
        
        PID:716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
      4⤵
      PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
        5⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
      4⤵
      PID:16020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
    3⤵
    PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
      4⤵
      PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
        5⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        6⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
        5⤵
        
        PID:17944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
      4⤵
      PID:18180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
    3⤵
    PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
      4⤵
      PID:18220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
    3⤵
    PID:12636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
    3⤵
    PID:18032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56693.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56693.exe
  2⤵
  PID:1008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
    3⤵
    PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
      4⤵
      PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
      4⤵
      PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
      4⤵
      PID:17876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
    3⤵
    PID:8308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
    3⤵
    PID:13156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
    3⤵
    PID:17760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
  2⤵
  PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
    3⤵
    PID:9632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
  2⤵
  PID:9608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
  2⤵
  PID:14204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
  2⤵
  PID:15444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6480 -ip 6480
1⤵
PID:15256

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 18656 -ip 18656
1⤵
PID:17528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 14548 -ip 14548
1⤵
PID:10848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe

Filesize
468KB

MD5
e69c0e269bf986e2db3719e844c4e643

SHA1
328aa1c4947651bba97ab419cceade9df7a77e81

SHA256
ebdf88716ba729cf5c6c437b68100faa0df1b71d60ab91cb181c5035827d8ecf

SHA512
41630e9dcc60deff35f6a0e52f23e0595b2d8e3c11f7192d0416848f35c96127c54ada52dc1d630e9d8f7d3f2f9b98bc44094b7f2ac4c3a90d0f102deebf5ece

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe

Filesize
468KB

MD5
7e0b481eb220f2bd54363122968c6fe6

SHA1
6f9456e64e4b8b5014ea5511d49da286a4b1f7de

SHA256
3bddba06e31a4f845e6e06bbfc8d4105d86c5d2fed30a7d393e6d73e16e3bae3

SHA512
8e3da2dec51820f807fcc45be4baa9c3622567fd6f00f1c81d4804ccd0c5a1725fe86318448886ec280777befda065a0413f655cd54a6de3ed8189cef432ab49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12560.exe

Filesize
468KB

MD5
f87f279e117dca7211b99138030e9080

SHA1
550c4db2dd5c12432ac9b68562b88578d1449d33

SHA256
adaaa5c224d6c48b4e75b8f60be05f2d73f41d56fdc2d28415b858c376c3037e

SHA512
3e622cc1052436b18e9c15c87ca439eea5f453ef7e40ac7cb037e27fec5fef84b5ae63d6399b9d4e3488e7f70f00e752d11162b58b0e49b0322ee11cc9571e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe

Filesize
468KB

MD5
46e8407da7f4d1db507ba0c1959ff87c

SHA1
d9619f82b6af16d615bb8a0f861a139b5513f837

SHA256
0d480f5df24d1b5e18d25d160d36942c71bf9fb72b70ee863a06baeccb696c47

SHA512
1e6b143bf06b4b80a1e0eb317d247d97a4bc37fd6fd46352546c4c06eaa5a8a873a8e79cace50aee4228278f2b3f630e86877c7d5ff576b0b1fea35fb2b91d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe

Filesize
468KB

MD5
2186fed39a7e672073fa6c8a41326588

SHA1
57c4f61023b859aa6aac8d1a32df715dc39dd035

SHA256
c8b88ca55101102c4c4db01f674444522aeef79c27b1c088d7300153246580e2

SHA512
738f4920411b2b44dde639976591125300733d8741e1e6c76d7a5a7add7292d0d09ae27650096a56a7eb3d02dbe5300b983b0dc24098ef4902319fd7a9c890cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe

Filesize
468KB

MD5
5f6f5b77f1aead018e1f8c8dbbdd0044

SHA1
14b58b54d33994431cbffcbf07dafb0f896ec0b8

SHA256
c4975ac907ece8ffae4fbefd085c2055495ab8bb58ebc79c138cdbc8744c08dd

SHA512
61c384690b2270dccec25ccd55811561c18def1443164bcbedea02188ea0a75fcff4e8f61913b05c3d2ae212cefffb06a0691622a6743c110ca269c8ef92fe8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe

Filesize
468KB

MD5
10337e8e60061a93dda475c8fa2aa1b4

SHA1
38fe26b66397c946fe6d4f3b4087fe7fe4662e93

SHA256
1cb989f241c44963a9409e48999d45d717c0eec1c28c65b2673d21a9516b6615

SHA512
b78daf91fdf99b477c9ab21ab6b22baeaf2a5f2567a82df51697dab4e6b52647ab898212620e9448af2797ba87f17f6974c3e83151f168e2f6c39f3135ccfa42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe

Filesize
468KB

MD5
9618ad4f6cf119ff0293e089c9f8470d

SHA1
46bdac5b32f5b141e81891908b705032374a5003

SHA256
9f9d0c357b81b987fc77d6d611b5480f7f8025f6d86116fad828a204dcb14794

SHA512
c26ed22d45700ebeece1bf1d4527b708fe32abec496dbf7ac7e87e045edec3502243eb65028d228576fde9aac73170fdeb14d15b17149336a02e3c1ad37b63c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe

Filesize
468KB

MD5
7cdc8f79191c8f87672b3cf5b3073b1c

SHA1
72fb02c5d00840a4ba6f9aaaca91f982880f67cc

SHA256
ed1d9394c0b1bc414633fbede5b9e7e63021c08ecd761d4ac640ccff881c9457

SHA512
d7672c42bbf8b7566a0650511897adab9c524d8e5ff0d8b0289b3414603b63279502339ffec53cc7ed2e9ed68e9dd1f099ce3a28321ee19d203df4543cbc2b8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22400.exe

Filesize
468KB

MD5
d51e7bbb4d4bba50aa1733571c2367c1

SHA1
adc4345a9cca0baec677bf0fafbd5fc09920b78b

SHA256
b5ac1a8b7e3dfff1541c0c3958ccc93ef460032ccc29f228da0fff24f268a87c

SHA512
7b9c1a791f470865e6264adb3c4da73daf781f08f045bf80e01dbaa79db59eb74613d7d34c35f2b7464e8cb0dd343d30fdc6ddc8bad00e8acacb9bfd018f3058

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe

Filesize
468KB

MD5
eabf1633e2bb1c643a1d55bd40d0ba79

SHA1
784c76628b53f512943b52b018678c3b498d7977

SHA256
492c9a2f352791c6d0426ddc9a06f0315b69da5c39a868cebfb0a0a62116f3e1

SHA512
087cd3ca7c204541fd05fe53f2f3f1a9df620161ecaddcd128cd4ea9c9725c249a44df9ca113bc22937f0eea5c130980d00a8709f9d50a08a0ba35f86a377b56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25929.exe

Filesize
468KB

MD5
6c1f30781744af8dbee7fea548a64621

SHA1
b1c432cb5e87e4f7c5ae622e17c0c920f8a10a9b

SHA256
b96023b6793a2ca1e9246a6a6b5c704569197f40f1182c7e459955af466ee546

SHA512
6cc5e081a4c6d179e7ba1b9fc6eb8f52101184be140c93141b5c9929193738fc7ef7506cc29c3e2b8d330830b32ea74fbc3b0d4e025d02b74cefdc69e553ab41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe

Filesize
468KB

MD5
356d8bcfeaa2a6932ac1d0e8f7ae7e8d

SHA1
1983e1856e3c36180c67c706dc6353755cd4c213

SHA256
a00e61ccbe34e438074e403a41a56aa313b8fe324d6f15b461fe46de45abaa93

SHA512
5dd197a067996e3d790ac15611669958d97d795b06989b4353d48f89cf9e6ac01ac9ec7b6fc037fc87144ff4927ae0ae55e8d1849e53bdbb82f934a76e45d3f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe

Filesize
468KB

MD5
5a60fbd5257af35e00969d09af8f61fb

SHA1
83d0933dbb0a63a7de29345f70149ec39f6ea36c

SHA256
32b4020622e6205bb1538feead91a60b80f26a67f63b59ebcbcb7a152c6e00f3

SHA512
f29dc4f327a56109bf3e0a4054014aeee8cfe329853767d2c5a6350438671605e7a68ef36dfafa5fa959b5e0409d1a704c7d0aaf87a58016be7a5ae298d75e80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36313.exe

Filesize
468KB

MD5
23bc5ee9bb54ab48ad8ba7ef6be1b046

SHA1
0a34fa545b4a18c3e86ea5dfc8bbed1af299baf0

SHA256
82180f3e7a26b65b74abcbf4bd29ed80417fb7da51ac5272ef15f27b6db5e331

SHA512
2288a47d3e5541a4ca6894d520b48c82fc8fefd84605092ea5ebdc7d2959873b341b5770a94221cc603ea99ae5cf823af0aa030e2dcd9bb54617d7cbb00b4ac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe

Filesize
468KB

MD5
dca576b188d316309f6d1082e4245b1c

SHA1
77a7e038a7c3bee1dbbb4f45fa6593b13bebf3f6

SHA256
e6768fdd542f0a5bd986c96e616f6eaaca687d722b0910228c2d0eee20827031

SHA512
4d7c3e1478c6b12442ea19752ae8c9c041b239ace966b4ed6f77346d3548cbe8813078982fa369feb970a60061d995353795fc8d90e2de0d44bd627a1142f8b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe

Filesize
468KB

MD5
477b5b035c4e5389849054031dd15f74

SHA1
79c0510b6423d49e7e9cedf2ad6658b64ab85681

SHA256
7b5f3d139af0bd9703615ca9da69d9d1f7870217a9e5cb12e138bef4ae911fe8

SHA512
1e4416716dc5661022c2c84de177905684c9a47e9ec69c2144993e97e40dacc5e9a8b64b9aa15a81dfa76684f059122b7863609b7f89042bc32113d673e25655

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe

Filesize
468KB

MD5
c5c6afc461b48106e54ecef223576977

SHA1
9aae975ec456354ea0bae53f236736cf4cef50e0

SHA256
ab0b87a1d527412ceab0629c3d204ad282bcef946121126bfe5e23352104ff73

SHA512
f737287a1f468a76c689348e5d636db7e9425251c5939b2cd385b4468eef96ae8aa6fd48f17a14d6609b536c724d3129b3b3b421a08a3e8589918dc5ff0e7b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe

Filesize
468KB

MD5
9b5b3d9b1507e42d6917673865727308

SHA1
eceb78ca17c79b1e198822a1958d5da5342e763f

SHA256
e04daededff9a72a14882339f3c4ea68377e2dcd61b7a0ba0215976005b4575c

SHA512
4bf478329a2a6fa1388495a667849c54019283a77207bb9b008469c5104ddd80865401e21f04bc946af703532940d7acae86f352493f2e5ea100fc1f3f8f4f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe

Filesize
468KB

MD5
6c26578ca3c6baf667725d29bcadc19c

SHA1
7352314209fddd99f8800f04536ee966ec92238c

SHA256
04b48ea5332a226f88ee994d33ec97450a598f70081d727216943af9d619e0bf

SHA512
7a14011ff9796b84702de77d2647f37148022e7b4aad84b7c232aa7ce7482357e051f11116222980d153b41c41fa3f1c3b4105cc7c5953bc1229ec296aeaca32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe

Filesize
468KB

MD5
b342a3f6a9004b1165b46667282bf49a

SHA1
b8f10ace5d2a7f3a58eb74d8521e1c4b67fe706d

SHA256
b6e26c5f9d0a94ee4e0b0aa1a9b41109019e508e3437c18f3c2493d7d2a5cf29

SHA512
c11e1855bf99dca89c1812812f674529bbc9fc7701b8dda85b8e70c29cb44eb9ffc291bea9f9a0e4f828f10ff56dab1de969035fb014e14ba8b2b4073f734b9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe

Filesize
468KB

MD5
98aa96ffcb682658205d4c9b80ce789e

SHA1
edd9e1cd0eb5d2f017de6908d0397e5d350ec7d5

SHA256
f656f6d63874469a1207433fe20c5c96db414a73e023e9f8475fad724fb9e5d6

SHA512
fb8e8e06edb8844e9516cde7da6b5425387af43b49330c25a79070ecd04d7ea16191b4569347fcfc833685242b527c75595aff92c61251d9f3a91c55b6cca47d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55835.exe

Filesize
468KB

MD5
eee7419f98ad384ad84bd04ac3d87024

SHA1
e48bc11a23a622aadbf6926716c7957823a45ec4

SHA256
416a5b30524df3950969df00185a947599acc2e36768ba41404f20c1c99c844a

SHA512
b4b4b4d70105dd7c72389d891e3ae7a49cdea3ba980ff14ba7c5aba6ad36cd7228627ff9abc69ecb17eca9640662d6462c827cff21dfbee4c42447fc6bbe9163

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe

Filesize
468KB

MD5
630a3d212c5f6292a40d7a9a8e5e167c

SHA1
d2785431b582eaca013dc0f39ade0ec66d2b89e0

SHA256
e06f75d2c50809e3ae1fac997e6c5a7d831df3dbb908c5dda11f324af7194d27

SHA512
b7bd2a42f3c3cdedac0f9cbe5a765a8908b040f242a5f59c917b2ab40c002dfc65f82a769cdae18da9ab6f9aa4552acbadfbcb42d56616744465ac52087c28b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58663.exe

Filesize
468KB

MD5
a311ca0a7cd00a84f1c1513989945ad1

SHA1
2974d9ade4654d0aed8ab3fc7ad441959d86630b

SHA256
81199c561b233a189921dc4c05f4b080b85fbc44f9760ba044de16e79b8d9692

SHA512
5063089a2627fbf3c504e561d7ef026801eb0530b52d7af332c9e013168e8130a9a006c4840614d962710835353aa23849ce60362a8b9446eab403cedbc4295c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59130.exe

Filesize
468KB

MD5
42547c82974f5c7d216384ada725dbc6

SHA1
94e379c2e9b860849e195c3f06512fc1761b815b

SHA256
be0559e9ffb2b06baa42fd0a281c2238a7113b85f8088426a03db2f419004825

SHA512
3c42b735334d07c87ab1d2fc9d918e89a658bcd04db19fa71cc89355d60cde0e015f8895b678230843666f73813d081d9044520e0cc7cbb196073d0e1e5039e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe

Filesize
468KB

MD5
05de41103687600247313716f231e6e4

SHA1
ae9b3cc1a24aeae9ed04c8978d6dd208e286e501

SHA256
88fa9b20c2a7b263ef6b43b9bebad3bfae937b005463e9c86f1f42a0a5f9f22b

SHA512
6128f139ee794d91fd02de4f8e60eb4c376490c4c0df48d4644bf800eb784957f3f79e9d53899a1485badbf2ebdc503c1ebe1a921f1416091d9d96cf589bb50f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe

Filesize
468KB

MD5
32d6509a45638f113f8667a21c9864e6

SHA1
5d1b4b98e72df2531967e5258c6070b5407ad0be

SHA256
a3b12d61b996ff14a49a2cd1b7bd3a774ea7e1c8bc16639000f028346daf343f

SHA512
eb3dce20ee6487f92d0668e8bd76e3531de424849b013ddae0db97a2a1f1c1561fad9f1f7062c52c67526479cfd4b480d9b36689be74f7f3135601bb347c901e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe

Filesize
468KB

MD5
a671d6a0b26dee8b30cc8f2dc35ce1f3

SHA1
c0331d381d954b74a9c3a5f114c34c90d383bb0c

SHA256
4509d985d00df53a27d75e5403fa4a9becd1801f76eb2b774128d7134056b5a8

SHA512
19506f70cfa2a5904246c2400d38413bfe97be57d3c39b3c8e332bafbb8ca75b4fdede8ac1ac34a8fc658549217e20ab120eabbf06d0e9de534ca3d816b00d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe

Filesize
468KB

MD5
2b264c1d8ab7a6005f83f601aaaa9512

SHA1
28750a2fea92649b478636006f5a8b4cbe3b1d87

SHA256
44e56feb3ec3ca45ac11d2cb6db018b0285b21bc6b826e12ec9f9c1a5b13f767

SHA512
b63439958d301d42b3cd8cbd62b122484aa56fa4e5523b742ff26775865f3b846b0e0279b7b2e392bcae3dc954331c2e68f8f48e0f57d33285fa9f169a9824c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe

Filesize
468KB

MD5
bb1a8a3524a3367d13c39a57309fe4ca

SHA1
a173f80e022340de9516a400f025d1f72cfbd1a5

SHA256
5de00f520fc0c7290d93dbb8f403807c86155c00843ae2685dcb7ce69d348404

SHA512
136beac5d94686d577ac9206fdc4b1af09c87355c53aa627f7141acc7645b3f23d0f8511777a8047bf28ce5b1e0caec132d64d4ad9f055265432422eb1141001

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe

Filesize
468KB

MD5
02c0c958f3e4ceebab22982d12801b50

SHA1
352861fbe459c41c969529c5d6c1ad9e78f158f5

SHA256
5e62d6b335e876ec1179d5966e39d53abacfc5aaacc6503eff99706ed300d0b0

SHA512
9431b275ca067b185b82aa5ee6f2a54e89dcffa9fe7273bb6ebeef63c1b25df2da4d4bb9cb06822c522185db73217f3a14081ec25da89eb8745b4f4006f95c86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe

Filesize
468KB

MD5
f883b888df53f438cc7091ae2d7ceb01

SHA1
18d2aba0c994d415c50e48d924e0dd62190fe143

SHA256
4977a95721eab62eeb344f278d66e730737c96b00cb231a83957960d83bd6cb2

SHA512
73ef388e1fe690cec7127b9f71c024cbdfd113a7358f0ed7dcf5f1847a7f6fbb766f60f77fac9cc02c137466ef3ac59a5bfb059f62da8454bfec0fc998181147

Download Submit
memory/8-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/60-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/100-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/336-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/460-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/536-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/816-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/988-113-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1008-474-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1028-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1028-540-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1100-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1136-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1236-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1256-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1260-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1392-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1416-481-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1472-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1488-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1608-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1636-453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1672-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1688-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1720-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1808-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1884-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1916-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1940-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2064-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2136-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2176-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2240-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2332-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2344-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2360-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2396-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2400-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2428-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2556-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2564-492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2576-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2620-508-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2672-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2804-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2936-226-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3008-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3020-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3100-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3264-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3288-15-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3316-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3344-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3352-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3380-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3388-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3476-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3484-507-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3532-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3540-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3620-143-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3628-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3640-268-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3644-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3648-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3748-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3824-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3884-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3916-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3936-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3964-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4036-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4148-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4188-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4296-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4340-67-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4356-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4404-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4448-101-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4508-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4544-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4564-221-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4728-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4740-214-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4772-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4828-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4892-450-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4968-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4984-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5128-560-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5144-559-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5168-562-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5292-561-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/11756-2505-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads