c0c4ae79a348a3ee3d7f15831d6be109e488554b28df7481c1b5ca9f32c49098

Analysis

max time kernel
120s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9efc53a0d106939398e76088b91822e0N.exe
Size

468KB
MD5

9efc53a0d106939398e76088b91822e0
SHA1

669a7e3fc3472667c3a33f3304077138509716d9
SHA256

c0c4ae79a348a3ee3d7f15831d6be109e488554b28df7481c1b5ca9f32c49098
SHA512

f72a2460de8b0e76e78553992099c7729c8b16a4a70d792fb1368477c992e584e4f62bfe5676e9cac69f2417897e06727ead5d436d841a427a9b37b7d79d0828
SSDEEP

3072:bRcxog51PU8U1bY4PzrjSf8FEC5nSZpCndH2ZVTtkzf33VQNEjlV:bRiouZU1vPPjSf5v51kzfFQNE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3892	Unicorn-63454.exe
4348	Unicorn-12665.exe
5112	Unicorn-968.exe
4328	Unicorn-7761.exe
2928	Unicorn-52878.exe
772	Unicorn-50832.exe
2264	Unicorn-33012.exe
2536	Unicorn-18006.exe
4552	Unicorn-6308.exe
4792	Unicorn-59038.exe
224	Unicorn-52908.exe
3992	Unicorn-58773.exe
4508	Unicorn-59038.exe
648	Unicorn-18752.exe
4308	Unicorn-45561.exe
2276	Unicorn-54326.exe
3896	Unicorn-18124.exe
5008	Unicorn-45774.exe
4984	Unicorn-29173.exe
3640	Unicorn-5701.exe
344	Unicorn-5701.exe
4068	Unicorn-13869.exe
4544	Unicorn-54902.exe
2384	Unicorn-56940.exe
2440	Unicorn-43204.exe
3568	Unicorn-63070.exe
3024	Unicorn-47289.exe
4260	Unicorn-33719.exe
4828	Unicorn-36520.exe
2496	Unicorn-64570.exe
684	Unicorn-1071.exe
3080	Unicorn-35598.exe
3972	Unicorn-19262.exe
1536	Unicorn-64933.exe
5004	Unicorn-58248.exe
3332	Unicorn-49002.exe
4284	Unicorn-57917.exe
1224	Unicorn-12053.exe
1972	Unicorn-49008.exe
3156	Unicorn-17098.exe
1704	Unicorn-8664.exe
3824	Unicorn-20798.exe
4940	Unicorn-377.exe
2156	Unicorn-50133.exe
4896	Unicorn-45494.exe
3936	Unicorn-49578.exe
2460	Unicorn-57746.exe
872	Unicorn-33242.exe
964	Unicorn-12821.exe
116	Unicorn-5208.exe
2884	Unicorn-62790.exe
2668	Unicorn-56660.exe
464	Unicorn-42924.exe
2600	Unicorn-50538.exe
3416	Unicorn-34756.exe
3232	Unicorn-25769.exe
1508	Unicorn-3567.exe
4540	Unicorn-10444.exe
2836	Unicorn-8928.exe
532	Unicorn-18058.exe
1104	Unicorn-49889.exe
1540	Unicorn-54238.exe
3636	Unicorn-9868.exe
1136	Unicorn-25842.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
14116	12436	WerFault.exe	604

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16302.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6732	dwm.exe
Token: SeChangeNotifyPrivilege	6732	dwm.exe
Token: 33	6732	dwm.exe
Token: SeIncBasePriorityPrivilege	6732	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2892	9efc53a0d106939398e76088b91822e0N.exe
3892	Unicorn-63454.exe
4348	Unicorn-12665.exe
5112	Unicorn-968.exe
4328	Unicorn-7761.exe
2928	Unicorn-52878.exe
772	Unicorn-50832.exe
2264	Unicorn-33012.exe
2536	Unicorn-18006.exe
224	Unicorn-52908.exe
4792	Unicorn-59038.exe
3992	Unicorn-58773.exe
4508	Unicorn-59038.exe
4552	Unicorn-6308.exe
648	Unicorn-18752.exe
4308	Unicorn-45561.exe
2276	Unicorn-54326.exe
3896	Unicorn-18124.exe
5008	Unicorn-45774.exe
4984	Unicorn-29173.exe
344	Unicorn-5701.exe
4068	Unicorn-13869.exe
3640	Unicorn-5701.exe
4544	Unicorn-54902.exe
2384	Unicorn-56940.exe
2440	Unicorn-43204.exe
3568	Unicorn-63070.exe
4828	Unicorn-36520.exe
3024	Unicorn-47289.exe
4260	Unicorn-33719.exe
684	Unicorn-1071.exe
2496	Unicorn-64570.exe
3080	Unicorn-35598.exe
1536	Unicorn-64933.exe
3972	Unicorn-19262.exe
5004	Unicorn-58248.exe
3332	Unicorn-49002.exe
4284	Unicorn-57917.exe
1224	Unicorn-12053.exe
1972	Unicorn-49008.exe
3156	Unicorn-17098.exe
1704	Unicorn-8664.exe
3824	Unicorn-20798.exe
4896	Unicorn-45494.exe
2156	Unicorn-50133.exe
4940	Unicorn-377.exe
3936	Unicorn-49578.exe
2460	Unicorn-57746.exe
872	Unicorn-33242.exe
2884	Unicorn-62790.exe
2668	Unicorn-56660.exe
116	Unicorn-5208.exe
464	Unicorn-42924.exe
964	Unicorn-12821.exe
3232	Unicorn-25769.exe
4540	Unicorn-10444.exe
1508	Unicorn-3567.exe
532	Unicorn-18058.exe
3416	Unicorn-34756.exe
2836	Unicorn-8928.exe
1540	Unicorn-54238.exe
1104	Unicorn-49889.exe
3636	Unicorn-9868.exe
1396	Unicorn-5976.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 3892	2892	9efc53a0d106939398e76088b91822e0N.exe	90
PID 2892 wrote to memory of 3892	2892	9efc53a0d106939398e76088b91822e0N.exe	90
PID 2892 wrote to memory of 3892	2892	9efc53a0d106939398e76088b91822e0N.exe	90
PID 3892 wrote to memory of 4348	3892	Unicorn-63454.exe	93
PID 3892 wrote to memory of 4348	3892	Unicorn-63454.exe	93
PID 3892 wrote to memory of 4348	3892	Unicorn-63454.exe	93
PID 2892 wrote to memory of 5112	2892	9efc53a0d106939398e76088b91822e0N.exe	94
PID 2892 wrote to memory of 5112	2892	9efc53a0d106939398e76088b91822e0N.exe	94
PID 2892 wrote to memory of 5112	2892	9efc53a0d106939398e76088b91822e0N.exe	94
PID 4348 wrote to memory of 4328	4348	Unicorn-12665.exe	96
PID 4348 wrote to memory of 4328	4348	Unicorn-12665.exe	96
PID 4348 wrote to memory of 4328	4348	Unicorn-12665.exe	96
PID 3892 wrote to memory of 2264	3892	Unicorn-63454.exe	97
PID 3892 wrote to memory of 2264	3892	Unicorn-63454.exe	97
PID 3892 wrote to memory of 2264	3892	Unicorn-63454.exe	97
PID 5112 wrote to memory of 2928	5112	Unicorn-968.exe	98
PID 5112 wrote to memory of 2928	5112	Unicorn-968.exe	98
PID 5112 wrote to memory of 2928	5112	Unicorn-968.exe	98
PID 2892 wrote to memory of 772	2892	9efc53a0d106939398e76088b91822e0N.exe	99
PID 2892 wrote to memory of 772	2892	9efc53a0d106939398e76088b91822e0N.exe	99
PID 2892 wrote to memory of 772	2892	9efc53a0d106939398e76088b91822e0N.exe	99
PID 4328 wrote to memory of 2536	4328	Unicorn-7761.exe	102
PID 4328 wrote to memory of 2536	4328	Unicorn-7761.exe	102
PID 4328 wrote to memory of 2536	4328	Unicorn-7761.exe	102
PID 4348 wrote to memory of 4552	4348	Unicorn-12665.exe	103
PID 4348 wrote to memory of 4552	4348	Unicorn-12665.exe	103
PID 4348 wrote to memory of 4552	4348	Unicorn-12665.exe	103
PID 772 wrote to memory of 4792	772	Unicorn-50832.exe	104
PID 772 wrote to memory of 4792	772	Unicorn-50832.exe	104
PID 772 wrote to memory of 4792	772	Unicorn-50832.exe	104
PID 2264 wrote to memory of 4508	2264	Unicorn-33012.exe	107
PID 2264 wrote to memory of 4508	2264	Unicorn-33012.exe	107
PID 2264 wrote to memory of 4508	2264	Unicorn-33012.exe	107
PID 2892 wrote to memory of 3992	2892	9efc53a0d106939398e76088b91822e0N.exe	105
PID 2892 wrote to memory of 3992	2892	9efc53a0d106939398e76088b91822e0N.exe	105
PID 2892 wrote to memory of 3992	2892	9efc53a0d106939398e76088b91822e0N.exe	105
PID 3892 wrote to memory of 224	3892	Unicorn-63454.exe	106
PID 3892 wrote to memory of 224	3892	Unicorn-63454.exe	106
PID 3892 wrote to memory of 224	3892	Unicorn-63454.exe	106
PID 5112 wrote to memory of 648	5112	Unicorn-968.exe	108
PID 5112 wrote to memory of 648	5112	Unicorn-968.exe	108
PID 5112 wrote to memory of 648	5112	Unicorn-968.exe	108
PID 2928 wrote to memory of 4308	2928	Unicorn-52878.exe	109
PID 2928 wrote to memory of 4308	2928	Unicorn-52878.exe	109
PID 2928 wrote to memory of 4308	2928	Unicorn-52878.exe	109
PID 2536 wrote to memory of 2276	2536	Unicorn-18006.exe	110
PID 2536 wrote to memory of 2276	2536	Unicorn-18006.exe	110
PID 2536 wrote to memory of 2276	2536	Unicorn-18006.exe	110
PID 4328 wrote to memory of 3896	4328	Unicorn-7761.exe	111
PID 4328 wrote to memory of 3896	4328	Unicorn-7761.exe	111
PID 4328 wrote to memory of 3896	4328	Unicorn-7761.exe	111
PID 224 wrote to memory of 5008	224	Unicorn-52908.exe	112
PID 224 wrote to memory of 5008	224	Unicorn-52908.exe	112
PID 224 wrote to memory of 5008	224	Unicorn-52908.exe	112
PID 3892 wrote to memory of 4984	3892	Unicorn-63454.exe	113
PID 3892 wrote to memory of 4984	3892	Unicorn-63454.exe	113
PID 3892 wrote to memory of 4984	3892	Unicorn-63454.exe	113
PID 648 wrote to memory of 344	648	Unicorn-18752.exe	115
PID 648 wrote to memory of 344	648	Unicorn-18752.exe	115
PID 648 wrote to memory of 344	648	Unicorn-18752.exe	115
PID 4792 wrote to memory of 3640	4792	Unicorn-59038.exe	114
PID 4792 wrote to memory of 3640	4792	Unicorn-59038.exe	114
PID 4792 wrote to memory of 3640	4792	Unicorn-59038.exe	114
PID 4508 wrote to memory of 4068	4508	Unicorn-59038.exe	116

C:\Users\Admin\AppData\Local\Temp\9efc53a0d106939398e76088b91822e0N.exe
"C:\Users\Admin\AppData\Local\Temp\9efc53a0d106939398e76088b91822e0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        9⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
        10⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12436 -s 448
        12⤵
        Program crash
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        11⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        11⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe
        10⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5938.exe
        10⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        9⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe
        9⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        9⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
        9⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
        9⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        9⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        9⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        8⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        8⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        8⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        8⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60510.exe
        10⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        10⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        10⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
        9⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42373.exe
        9⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        9⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        8⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        9⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        9⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        9⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe
        8⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
        8⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42290.exe
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        8⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        8⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20147.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        7⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2105.exe
        7⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26522.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29898.exe
        9⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        8⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        8⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        8⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        8⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        8⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        8⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
        8⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        7⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28945.exe
        7⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        6⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        8⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
        9⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        9⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        9⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        8⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        8⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9029.exe
        8⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29475.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
        7⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31049.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
        7⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        6⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        7⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
        7⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        6⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63750.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34690.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        10⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        10⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        10⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        10⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        9⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        9⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
        9⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
        9⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35313.exe
        9⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        8⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        8⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        7⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
        8⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
        8⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        8⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
        7⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        7⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        6⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2409.exe
        8⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39878.exe
        9⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        8⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        8⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        8⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
        8⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46980.exe
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        7⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        7⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63536.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54722.exe
        7⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
        6⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        6⤵
        
        PID:15036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        6⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
        6⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
        8⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
        8⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        7⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11626.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
        7⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        6⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        7⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe
        7⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        6⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42600.exe
        6⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
        7⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        7⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        6⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        6⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        6⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        6⤵
        
        PID:14388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        5⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        5⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        5⤵
        
        PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46698.exe
        8⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        9⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
        9⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        9⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe
        8⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46456.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        8⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        7⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
        7⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63082.exe
        7⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6087.exe
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40349.exe
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-357.exe
        6⤵
        
        PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        6⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26914.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        8⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        8⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        8⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        8⤵
        
        PID:16460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13680.exe
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        7⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        7⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        6⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        7⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        7⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        7⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        6⤵
        
        PID:14912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        6⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
        6⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61040.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        6⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        7⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
        7⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
        7⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
        6⤵
        
        PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
        5⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        5⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        5⤵
        
        PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8981.exe
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        8⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        8⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
        8⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        7⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36108.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26900.exe
        6⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
        5⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        5⤵
        
        PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25769.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
        6⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        7⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
        7⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38002.exe
        7⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        6⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
        5⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe
        5⤵
        
        PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        5⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25245.exe
        5⤵
        
        PID:16000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
      4⤵
      PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
      4⤵
      PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
      4⤵
      PID:15152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
      4⤵
      PID:10436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13869.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12821.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5333.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        8⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        8⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
        8⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        7⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        7⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
        7⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        6⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60001.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55177.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
        7⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
        6⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55340.exe
        6⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        6⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        6⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
        6⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26317.exe
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        5⤵
        
        PID:18256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
        8⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        8⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23052.exe
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        7⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        7⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
        6⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17180.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
        6⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
        7⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        7⤵
        
        PID:17080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        6⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        6⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        5⤵
        
        PID:15560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
        6⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17226.exe
        7⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        7⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
        6⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        6⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19169.exe
        6⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        5⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        5⤵
        
        PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        5⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52896.exe
        5⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
        5⤵
        
        PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
      4⤵
      PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
      4⤵
      PID:13720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60561.exe
      4⤵
      PID:7692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52908.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        8⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
        8⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        8⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57889.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        7⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
        7⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        7⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
        6⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29218.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
        7⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        7⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30732.exe
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe
        7⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55340.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
        6⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        6⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        5⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        6⤵
        
        PID:12748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        6⤵
        
        PID:15768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
        5⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        5⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        5⤵
        
        PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
        7⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        7⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        6⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        6⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17660.exe
        6⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        6⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
        6⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33297.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
        5⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        5⤵
        
        PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50090.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
        7⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        6⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18496.exe
        5⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23774.exe
        5⤵
        
        PID:17088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
        5⤵
        
        PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
      4⤵
      PID:9524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
      4⤵
      PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
      4⤵
      PID:6068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12053.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31654.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        8⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
        8⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        7⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55725.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        6⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        5⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
        6⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe
        6⤵
        
        PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30348.exe
        5⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
        5⤵
        
        PID:16620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33562.exe
        7⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60001.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8678.exe
        6⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
        5⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
      4⤵
      PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        5⤵
        
        PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
      4⤵
      PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
      4⤵
      PID:12300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
      4⤵
      PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
      4⤵
      PID:16420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7149.exe
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
        6⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        6⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58796.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
        5⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        5⤵
        
        PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8325.exe
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe
        5⤵
        
        PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
      4⤵
      PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
      4⤵
      PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
      4⤵
      PID:8872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
        5⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57329.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
        5⤵
        
        PID:8240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
      4⤵
      PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
      4⤵
      PID:10236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
    3⤵
    PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
      4⤵
      PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
      4⤵
      PID:15852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
      4⤵
      PID:9356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
    3⤵
    PID:9116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
    3⤵
    PID:13376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
    3⤵
    PID:17144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52878.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55110.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        8⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
        9⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
        9⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
        8⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        8⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe
        7⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        8⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        7⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
        7⤵
        
        PID:16940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
        7⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        7⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4441.exe
        7⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        7⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61780.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        6⤵
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
        6⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
        6⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        5⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53795.exe
        5⤵
        
        PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59757.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        7⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        7⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
        7⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
        7⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        6⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
        6⤵
        
        PID:9472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        5⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
        6⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
        6⤵
        
        PID:14644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
        6⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
        5⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
        5⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
        5⤵
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55110.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        6⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
        7⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18496.exe
        7⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
        7⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        6⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        5⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        5⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        5⤵
        
        PID:452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        5⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
        5⤵
        
        PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exe
      4⤵
      PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24393.exe
      4⤵
      PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
      4⤵
      PID:8472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35546.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-313.exe
        8⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        8⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        8⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63212.exe
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        7⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe
        7⤵
        
        PID:16976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        6⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
        7⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        7⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        6⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        7⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        7⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        7⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5843.exe
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32652.exe
        6⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        5⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65154.exe
        6⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
        7⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        7⤵
        
        PID:17968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        6⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        5⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        5⤵
        
        PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2856.exe
        7⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        6⤵
        
        PID:15828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
        6⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        6⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59128.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        5⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
        5⤵
        
        PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
        6⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63701.exe
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
        5⤵
        
        PID:16920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
      4⤵
      PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        5⤵
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15679.exe
      4⤵
      PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
      4⤵
      PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
      4⤵
      PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56940.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12928.exe
        7⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        7⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
        7⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63212.exe
        6⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26596.exe
        6⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51138.exe
        6⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
        6⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        5⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        5⤵
        
        PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        6⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        6⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        5⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62576.exe
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        5⤵
        
        PID:7552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
      4⤵
      PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
      4⤵
      PID:12640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
      4⤵
      PID:17112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28916.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
        6⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
        5⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20303.exe
        5⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
        5⤵
        
        PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54722.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
      4⤵
      PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
      4⤵
      PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
      4⤵
      PID:9628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
    3⤵
    PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        5⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22947.exe
      4⤵
      PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
      4⤵
      PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
      4⤵
      PID:6892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64429.exe
    3⤵
    PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
      4⤵
      PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15232.exe
      4⤵
      PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
      4⤵
      PID:8576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
    3⤵
    PID:4256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
    3⤵
    PID:13128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
    3⤵
    PID:10748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        8⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37557.exe
        8⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe
        8⤵
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63212.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        7⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17660.exe
        7⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        7⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
        7⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33297.exe
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56822.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
        6⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        7⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        7⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        7⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        6⤵
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
        5⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        6⤵
        
        PID:13512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34049.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        5⤵
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        5⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        5⤵
        
        PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30170.exe
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
        7⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
        6⤵
        
        PID:11728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        6⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        6⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
        5⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32807.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
        5⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        5⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        5⤵
        
        PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
      4⤵
      PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        5⤵
        
        PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
      4⤵
      PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
      4⤵
      PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42119.exe
      4⤵
      PID:7132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        6⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        7⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        7⤵
        
        PID:16436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        6⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26596.exe
        6⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        5⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        6⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        6⤵
        
        PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
        5⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
        5⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4832.exe
        5⤵
        
        PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
      4⤵
      PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
        5⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39108.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
        5⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe
      4⤵
      PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe
      4⤵
      PID:11208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
      4⤵
      PID:8428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
        6⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        6⤵
        
        PID:14136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe
        5⤵
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        5⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        5⤵
        
        PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15792.exe
      4⤵
      PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28183.exe
      4⤵
      PID:10088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
      4⤵
      PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
      4⤵
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
    3⤵
    PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25564.exe
      4⤵
      PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
      4⤵
      PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
      4⤵
      PID:10916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16072.exe
    3⤵
    PID:12440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
    3⤵
    PID:716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
    3⤵
    PID:15140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
        7⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        7⤵
        
        PID:14420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6716.exe
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1967.exe
        6⤵
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        6⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17704.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        6⤵
        
        PID:13816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        6⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        5⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        5⤵
        
        PID:9048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        5⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
        5⤵
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
      4⤵
      PID:8796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
      4⤵
      PID:3828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17586.exe
      4⤵
      PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        5⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40090.exe
        6⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        6⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        5⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        5⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        5⤵
        
        PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
      4⤵
      PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        5⤵
        
        PID:16664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50349.exe
      4⤵
      PID:14940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
      4⤵
      PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
      4⤵
      PID:17096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
    3⤵
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
      4⤵
      PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        5⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
        5⤵
        
        PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
      4⤵
      PID:9912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
      4⤵
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41038.exe
      4⤵
      PID:18080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
    3⤵
    PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
      4⤵
      PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      4⤵
      PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
      4⤵
      PID:17168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe
    3⤵
    PID:10416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42600.exe
    3⤵
    PID:14564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
    3⤵
    PID:5648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50538.exe
    3⤵
    - Executes dropped EXE
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        5⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        6⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        6⤵
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        5⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        5⤵
        
        PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
        5⤵
        
        PID:9568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32807.exe
      4⤵
      PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
      4⤵
      PID:7208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
    3⤵
    PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
      4⤵
      PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
        5⤵
        
        PID:15004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
      4⤵
      PID:12372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
      4⤵
      PID:16952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
    3⤵
    PID:9332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
    3⤵
    PID:14424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
    3⤵
    PID:5924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
        5⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        5⤵
        
        PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
      4⤵
      PID:10064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
      4⤵
      PID:7928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
    3⤵
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
      4⤵
      PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
      4⤵
      PID:10940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
    3⤵
    PID:9228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
    3⤵
    PID:14896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14421.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14421.exe
  2⤵
  PID:6348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
    3⤵
    PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
      4⤵
      PID:15916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35313.exe
      4⤵
      PID:9724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
    3⤵
    PID:2420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
    3⤵
    PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
    3⤵
    PID:16448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
  2⤵
  PID:8764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
  2⤵
  PID:12556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59227.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59227.exe
  2⤵
  PID:15544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8053.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8053.exe
  2⤵
  PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 12436 -ip 12436
1⤵
PID:13992

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe

Filesize
468KB

MD5
f4c300d875c60afca6483def41686031

SHA1
42c1bea4d5ee8ae0dc611baee3ccc79eafe4d617

SHA256
a71d19de6a66ed4decf1dcb81ce898b4cbfa051ad24b4838c63901ff510d92ef

SHA512
ed846aae4a2f5e93f28081eb65b4b6ee1fbdb07c61b03a958710b2ecfaf0da0a0f7581818b9610445171ef3b6d1f310bdf471c716557d17917d35578c4fc26e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe

Filesize
468KB

MD5
880b05f3a0961386b71e9619104a2b29

SHA1
a0f3ea0de864c5b55b6c3573dee4d35adfd0250f

SHA256
7831a5b7e802bafcb368c796ee38f30a62d933fdafe7945b1194e471288977f1

SHA512
cffa9086915b2adfece70bd2fda5a8e873b7b4a6178ae1e6a4deeee0f3a2f3e197eb51bb3e5b67e878fe6d9f6552fc3f887f11413c9463dd617e20ddf8daa6e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13869.exe

Filesize
468KB

MD5
ebb12ef5a5a7a739ced9b36d9f5f659f

SHA1
01862e75da434be888e3f65fad68085ccb25d9fb

SHA256
90494bd1cfb478f025e26473927216278cdb4a9b7feb0495d8e12fa591a77fd8

SHA512
2aba01413b2e942ad254409aa9f4a7a2eba676af1ece3bc09f1dfeefaeed872e339eb15bdf877ffdedd765905edb1842ea284d0dd69790b718d8634182ee0725

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe

Filesize
468KB

MD5
589a9f99f149472b7f09002cd02bc0c4

SHA1
9edabd72a6e56551e2f65fa8890ecea4081b39df

SHA256
84f72f512740a8b4b8c8800535ed1db1bfd2155d650f4f5ab6ecba5eadcbcc77

SHA512
73c63d01926312e402a1eda5f5e87d6208a5d05567d458649c9b930d4c0fe87087293fe2eab39648a2b91c9d463b03cd4233bc855f9b21913daa0e0c6c7802fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe

Filesize
468KB

MD5
4a5cf67ab266bb62d457adda1dbbe53e

SHA1
0aa1e86fa0e9ffe3e898ed6a303300edcf0608cb

SHA256
4fcb3a742bda8f0fa641db21881ce4578995678232b93d411963afe49a376141

SHA512
d88997372bb2ec748fc1c92aab0aa34c74ed0a9512c1078e3ece6a40471a7d9d92f72fa4e8a3ddc5a1ff513876b1fc6de3920c19374a3827a09e42e6e44d367b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe

Filesize
468KB

MD5
3eab90ebe5ca09e2f3e58eae9795869d

SHA1
f10b8be4b3afd8fb681a24e402fdcf71e8b088f6

SHA256
48f8f72be0c810a706feb9f0bb34f1957b11ae7628222bf793f15906ecd97874

SHA512
aeb89892a3315b144669c64bbeefaf8cc722956a636beb647381b0e6f3a1411d38cb3a9151992d13aefa1689a36f48f5cc980631e33304cc4b4837f73f58a844

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe

Filesize
468KB

MD5
014a12aa57fa2fa15893470aba220901

SHA1
f01a41f1d80350392e2b8d19fbba328eb7fd044b

SHA256
cb18e45f0de3ace8f59fd2ca509d31935eeb17a8b6e7a49f907ffb49e65ba988

SHA512
36dd7fd70b70768bd0778eb9e5d6b927198f95423b7a61fbb18e40a3c56c1057fdc358109574e12e6e3ccf39584164ec34ea8f1eb0a39a63136b57dea135e7f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe

Filesize
468KB

MD5
ff387599cef5b52fc07c6a0e0f311e71

SHA1
62a5d6d8d5b07d510668c633f6d7ee8ba428d2e1

SHA256
3a36ac0a9795e32cfa5e37f55ed4c7dffe2a05db0ce48ce60f1899271f910ba7

SHA512
bd2686bdd9a0101486c97e5aff3d7312859fc54f7bcec68831895676165e3c0dbe29a6ac05977f3073be0ab1671f1952f19cf22de9ae85d965d8d9d48bcea743

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe

Filesize
468KB

MD5
cba30fde5a26e3caf018840656b29219

SHA1
4720633d181c06d6c752c1da7097b9813bc6aa7e

SHA256
e6c06200d13032128963ba58f6d3c07ce1375c1b983fd648c84f52c5552318fd

SHA512
4d819e9ee7dac95f650b9e6f98fad9d7ade8fe824ebdda1796604f88c6396b0f721de9fa02cd30c4b72fe5c8403d6833754d8ca750c836d47fafc7992c8e83b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe

Filesize
468KB

MD5
3c80ec768698bef1524d2cddbbb547da

SHA1
c44766dcc17bf61fdc840d03ad4be58c35735ae3

SHA256
021dece37cd2b24ba37bc63219982f7db1a77ccf28254055b0607eff0c32932d

SHA512
b04382742d24ca323095974befdd507b6f343fb7532576c0a5249e7f01067549420437309621544d82a369ed172619c3ba0e87bdfa3c09270b74a980681ccb58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe

Filesize
468KB

MD5
f275e37baed9222905759990cfd62dc5

SHA1
64f3785f26c0bad453181c84b6889c2f54067867

SHA256
de9f4df7d6b3967ebc2b20834d4c4a51a3a86fff90b3ff28c7de95cbaa6efaae

SHA512
a65e62668c7100049e9ff18be8049b64870eab85ccf0eeca851448826625a94c10aa054f011100068f633a636c29df61a1c5e7cd69ff23a303677a32cf3cd227

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe

Filesize
468KB

MD5
74fceacad553cc511697c3f4d6536315

SHA1
b1ba4bbb4865438a2bfeeec1be0abefcffe893b8

SHA256
1c5e90e02303e246300475a1601a2dafd1324c83673400db000f5c777216931a

SHA512
54be4d32d0ef982accc810af6ea644056506be821c0ffd32120e7c186a7f205507f842f75c4cc5890542e78ff3ff8d264f568a0a2b2feb3da64abceb6edb4933

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe

Filesize
468KB

MD5
7eb797061a2bc04edc2f71ceae315e52

SHA1
8e7c346f894dfd5603676c5d8ddcc42bf853de09

SHA256
36cb4f2f8f69d55b67a41da4d69370e86966aeb805613537fe79e40068250519

SHA512
35b17f80e7b4a2cfb2cac6f4d16ca80a6ffe333189977c7f10afb05fad172357e078921555c94dfb94dfa7ec08ec3d1f242e0863a82561298ee45149367b3287

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe

Filesize
468KB

MD5
315720706e893defd819fd830760d187

SHA1
9160d71d417bda4b66523f0bdd0796d78c393859

SHA256
895367ea0672addcef1b19cfe8a6c07df6fed3e97a585a8b37923c249e13c1f0

SHA512
5da592d6b41f5b48dc3e1b831f5659b23c3066f504291fae70e6e8ddaf60bec8072ce7d21de3196a457b058e326603b8d30fe203166d6e24968d2fcd1bd5fad9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe

Filesize
468KB

MD5
ecf2d5a4c4048bdcbf1f641a329c22ff

SHA1
0431b2518d453e811728ebe7dba5753e90891c07

SHA256
c1ebdc3f3f80ae82b0a0dc03113d8d3bbb96d0789a49b9037221041304fc4622

SHA512
a7e1c7969798e4fb085296a99f9b11cf0778fb10b712e5946d0157c2bde7d503e2d1b8a8f5766ebcd70f26e3089969678ca5ff064c697d69ca79ea1a14f0c4df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe

Filesize
468KB

MD5
a5b54f851b86671a56d44e941ac66132

SHA1
b06ef77f30c17007462e722b6977efaddc05620d

SHA256
eecb0a769bd36589e2d469a388c9a8674c549089d2270e6a13f8aa574514c6d9

SHA512
93e428bccc40ac330e157e0846672f64da874dcfe458783558e6bb8aa505ad249cadb80154b47ccca4619853f4c7a1cd27ef982b6fd7bf1fe9b6d4cf676459c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe

Filesize
468KB

MD5
c5fe936202b19be76aac278ff9446834

SHA1
f2bc88e8e0f6363b13da1cb2ffa7d111402a9301

SHA256
a0e1f0d403b60dd4a16ae647f5312dc77d5eee32a9c842ed6c09775f89507d29

SHA512
9ffa64bafa265ff74600dc1f86c005373e1b0ef81661d122bd409712e0077aa9978f701125c116a02bb082858962ee31f73560e72f019376a7042df3a2219954

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe

Filesize
468KB

MD5
b58438074bee38c1be011d376b8a0d92

SHA1
0c3eccb18742eef134b4f5a83052b5fbdbe970bd

SHA256
d5ce868baf9a67509567d1b60878c339c53d716e8884fc22f6c4f5d57a1e1583

SHA512
10498e3d1bece8125faa6885facc123e3637a856c8365392e939c9711bf0b2ea57a9d2acb5e6283724d893b57b451df12deff38b0a25fd560db68488adb89d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52878.exe

Filesize
468KB

MD5
6674ed2be4800eade7bcc36ba8071a34

SHA1
d921c344d5f0cd1b70da194af15648e3ac74391d

SHA256
3071d353dc6abcb2470d16e3e9e7de698381a978c9f661de0dfed75e47ae3d01

SHA512
71c28a6170b880a150bb4efdb92ea7b3fb4fe97e86c85d77da9a38779ca41cdd27e8b5b40f0310b47e5ae4da062f0b5f081119b3b906ddb626ae41cd194c4c1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52908.exe

Filesize
468KB

MD5
5f6e4d2d075b08a9fce54b23beed9850

SHA1
dba49195257bca0ad0df5abbe744a320f1568006

SHA256
e48d31b2870feaa966bde5f02ba20983cf3de7a3f138156f8562622599783098

SHA512
189b34d8839ca6fb2012ee903ad60f442d40777198a7627b2db43d47cccf6ec162347d43eecfcd68f0b5dbd17a4ce9da82a5cd855e2733c1eed1db0929c599c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe

Filesize
468KB

MD5
f6d76447998d6b268294af8f896cf60e

SHA1
ec526d7a6b8ecbda2b9b1d3651c98f912ee1589b

SHA256
d05b9fa5d7006df00b988636f337542155758415ca0b79f39ad009684568a2db

SHA512
d390a155a6e4f7fee75f9629b11d1363aa91adb29b47707c9eb8af03b7f1851588d8c780993d00005009e42a60727e003ff57b37fc36c51df33b9f053a05ef60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe

Filesize
468KB

MD5
fcc22379b1d765e239f3bda3c95a1308

SHA1
f645d3479af62a871319700d9ae631586ac779ae

SHA256
4023dd3aae7f2a30777622e3349873ede5871e045ed04ec87ce3e53c8d9284f1

SHA512
cb904c3f11a0a6dac916d46df08c20e342272a6ca6491a7d313b6abe08df106d1e69119af63468b0aa9d6f99a4b706bdd22f99eef9574391a185c7bd127602b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56940.exe

Filesize
468KB

MD5
548cd91ab23191e341ac1cbd8d21193b

SHA1
4cfd018572bb09f6df2cc69468d7eaf5a6e266b6

SHA256
bf3da7c415b4d6da8e12d598f13d57ba12d3ca03f26422539f2b2c2a1dee1bb0

SHA512
7d4cbe3c51884298005bfcf17502f70033c37b7a8776c0161064649d70e383d595d199c4efbe93ff5f72beae593bf509201c32df51ba12097113dedad6c253f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe

Filesize
468KB

MD5
f4a260b95101dcbf0b49dc6d9a2ba9e8

SHA1
7bf4611ef16179e53b8fab991821d24ef78d83c0

SHA256
0889e75c82568c77aa01b985ed7e43a51f93c13e2717dedf2f6c850547961d3f

SHA512
be5c1b48e5be3179551f521177de8bb54f8b34dacbee4204955d008486b6b47c8e2c0f207a4c0ad09de9d5fd93433fae4dedc4c84a29270a332f12c18aa91afa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe

Filesize
468KB

MD5
0c683b18c02c1c37c6457f3389743ac1

SHA1
d3d5c0571687cfe840be17e31361cc27006d3bfe

SHA256
9aae2d32e13f78765d56c911a64a42aaa4b3c8d7cce6ad4bbbfef2093f65b73f

SHA512
d9de45c17176f31507dfb83f1f9e207d72d3326bae8b18678e965af0f8160ff4f0d25759d132fadd3f1598cd0bbe47a0914b18a036b0d4e7405f37aff0f5a9d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe

Filesize
468KB

MD5
38de3af7dfbca22f75edbcbb5267a388

SHA1
eddf97ccfbe1e6f5e08dad447f2aacc886120e62

SHA256
4cb8788a24b4b5e50fd61756a64ed33358df2e1e625b3aa683e0a959efbd7119

SHA512
c841e211922a29dc4c4e641f6eed1e404f49ad096d5d4b990894fff06f66816c12b2247ff4375aaa910cec55eaa9ba362b7a836855ff10688baa2810daa4b0f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe

Filesize
468KB

MD5
9993d48ccb249434c2235bc0650f9bcb

SHA1
dffbf0e3a2978414a9c6b4ff5c6fbca87865dca5

SHA256
acb0abcc0d851822ff3f7d2059eb343a1e47cdb77727c15c815921b122bcb845

SHA512
9b1ec8073ecb7ca04f62420104583f14e3a7e7136400d24bedade07d758443a5716899afd5c49378a60cc4e3419608fe8527a3a5e510f4cb001d73ee38b89c62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe

Filesize
468KB

MD5
500088b2cc2e51eccc8e88e1c4c818e0

SHA1
970d31e00cbba3a6bf5ef477b241fd2845163dc3

SHA256
5529786c8f8af9be47487d7d21c12586a0a07533a778337a196c292e4b73a94e

SHA512
a2a6d99f9b534848e079f2b8fd73be796e13e3781569dbc38daf427c63500b05803478f1e189357c675961a85b581d6f8d33426e96129cd4309224bb6b757d1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe

Filesize
468KB

MD5
c6274fbeb2260cad2c9394cb31088c5b

SHA1
a5b444b18af09a9723b637e09048ec78b23501d4

SHA256
1f1b28bb3cec4a00fac120c6eecf989990d3acb0e195b8e017fc5f34aee1f111

SHA512
9c45b8491316875a619e087686d35348a8c3bf46087723636f172ad9fd6fd889fce1e8c62ea6f4bcb9518ba9bc24b46ebdc35fb885a2775c6427c271df4450af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe

Filesize
468KB

MD5
9d82c38cd3d3af7e3bf334006970ab4e

SHA1
74a86f05c4b65a76331c41680a3529ecfaf9ad24

SHA256
3adf11382160044b9100772a06508ed574d4f4e4344d49070a32ffe4c4d569c9

SHA512
5c611c9d0b303b3cbb5f5d6d73d35a67f986e90901da8f78b36f5227921da5b4f7753ff579b2c7ba90328fa6bb548aa92cef7e3505da43a6ae4cce1a608a83e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe

Filesize
468KB

MD5
e40f96dea73623016b428af669532177

SHA1
2b1553e7d391571c69884c5fe626be8a82c56520

SHA256
0cac6355181e1fb971c69ae520f449bd73f0bba6a754f09e91bc3d248247f7dd

SHA512
456aca958e4e351bc920c566650a6029f8b7c62298d82a29df20bf23425fbdbf9d34bc6f8a72f86c3b9cdfdb094263186eb207c36f213cb217a3211a596fb83e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe

Filesize
468KB

MD5
7edd9e42f93ee238d10798101e963399

SHA1
624dd55a1eb548586bdfa63ef8108d585a49d34b

SHA256
8cf35db9ef204989850b4f30ecd5d48984d6ad2fe63f5811e7cab9477e906cb7

SHA512
35eb094c20c8098bace49a23975bc80b0b47ad9e594bfb3234a7407e15b35d5a629844763fce1219b152a6e1b51413eec8b709e36a081ff1007b7f6feb61e2d3

Download Submit
memory/116-349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/224-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/464-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/532-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/648-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/684-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/772-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/872-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/964-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1104-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1136-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1224-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1536-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1540-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1704-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1972-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2156-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2264-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2276-108-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2384-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2440-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2460-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2496-207-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2536-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2600-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2668-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2836-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2884-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2924-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2928-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3024-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3080-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3156-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3232-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3332-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3416-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3568-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3636-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3640-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3824-270-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3892-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3896-116-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3936-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3972-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3992-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4068-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4172-448-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4284-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4308-101-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4328-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4348-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4540-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4544-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4552-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4600-449-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4676-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4792-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4828-185-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4896-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4940-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4984-134-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5004-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5008-123-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5112-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5128-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5164-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5204-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5216-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5244-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5356-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5420-463-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5448-470-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5460-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5484-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5504-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5520-465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5624-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5692-480-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5776-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5788-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5800-492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5812-497-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5880-511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5940-521-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5952-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5968-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5980-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5996-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6008-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6092-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15120-2520-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads