53e8c0134ef56d0e145f431d82fb7c952a63b32206879218c8ffa4eea85886f5

Analysis

max time kernel
120s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 09:01 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bd1a13dbb82e9991530d65c16b083d0N.exe
Size

468KB
MD5

5bd1a13dbb82e9991530d65c16b083d0
SHA1

bb806588b191e335160f992b989f4475b01db52b
SHA256

53e8c0134ef56d0e145f431d82fb7c952a63b32206879218c8ffa4eea85886f5
SHA512

c01e50ab011605466f197196e1aec799ffabfb9f3308797a3070793ec8368f565eac90d11cf14a3db967e5982ca95b487fe87323bb520be59fa0dcfbaacc6705
SSDEEP

3072:thoIowfdjy8U6bYCfz52ff5EChd+IpBnmHdQV4l2IW3tmCOmylo:thDo8LU6hf12ffO0Ej2I8UCOm

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1960	Unicorn-45393.exe
4960	Unicorn-28791.exe
4128	Unicorn-48657.exe
1800	Unicorn-60808.exe
720	Unicorn-2462.exe
3860	Unicorn-49303.exe
4816	Unicorn-36304.exe
4624	Unicorn-6231.exe
3456	Unicorn-39096.exe
1864	Unicorn-19230.exe
3388	Unicorn-38831.exe
4252	Unicorn-14591.exe
1260	Unicorn-57662.exe
4660	Unicorn-49080.exe
4240	Unicorn-55624.exe
2144	Unicorn-61265.exe
4336	Unicorn-43070.exe
732	Unicorn-30840.exe
2720	Unicorn-16127.exe
1860	Unicorn-65240.exe
432	Unicorn-48831.exe
2460	Unicorn-40166.exe
2608	Unicorn-42966.exe
1432	Unicorn-42966.exe
1072	Unicorn-29230.exe
4700	Unicorn-49096.exe
3408	Unicorn-49096.exe
1656	Unicorn-49096.exe
1868	Unicorn-22776.exe
2916	Unicorn-8063.exe
4272	Unicorn-27929.exe
2980	Unicorn-49510.exe
2836	Unicorn-37694.exe
4076	Unicorn-48607.exe
2108	Unicorn-30425.exe
4160	Unicorn-49968.exe
4940	Unicorn-9821.exe
4056	Unicorn-29657.exe
2624	Unicorn-54088.exe
4368	Unicorn-24696.exe
1444	Unicorn-62199.exe
3488	Unicorn-16528.exe
3064	Unicorn-31062.exe
3536	Unicorn-63927.exe
4344	Unicorn-18448.exe
2472	Unicorn-59480.exe
1092	Unicorn-50742.exe
1740	Unicorn-59407.exe
5100	Unicorn-59672.exe
4740	Unicorn-59672.exe
1216	Unicorn-31191.exe
5064	Unicorn-36791.exe
1840	Unicorn-64503.exe
884	Unicorn-60366.exe
3360	Unicorn-43750.exe
5028	Unicorn-50264.exe
1060	Unicorn-2879.exe
752	Unicorn-9615.exe
4672	Unicorn-22937.exe
4676	Unicorn-49112.exe
1772	Unicorn-40944.exe
4656	Unicorn-46097.exe
448	Unicorn-26837.exe
3292	Unicorn-13102.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
3680	14488	WerFault.exe	730
316	14236	WerFault.exe	673
14524	13772	WerFault.exe	655
1328	4864	WerFault.exe	778

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35659.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	988	dwm.exe
Token: SeChangeNotifyPrivilege	988	dwm.exe
Token: 33	988	dwm.exe
Token: SeIncBasePriorityPrivilege	988	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3428	5bd1a13dbb82e9991530d65c16b083d0N.exe
1960	Unicorn-45393.exe
4960	Unicorn-28791.exe
4128	Unicorn-48657.exe
720	Unicorn-2462.exe
1800	Unicorn-60808.exe
3860	Unicorn-49303.exe
4816	Unicorn-36304.exe
4624	Unicorn-6231.exe
3456	Unicorn-39096.exe
1260	Unicorn-57662.exe
4252	Unicorn-14591.exe
1864	Unicorn-19230.exe
3388	Unicorn-38831.exe
4240	Unicorn-55624.exe
4660	Unicorn-49080.exe
2144	Unicorn-61265.exe
4336	Unicorn-43070.exe
732	Unicorn-30840.exe
2720	Unicorn-16127.exe
1860	Unicorn-65240.exe
3408	Unicorn-49096.exe
2608	Unicorn-42966.exe
4700	Unicorn-49096.exe
1072	Unicorn-29230.exe
2460	Unicorn-40166.exe
1656	Unicorn-49096.exe
1432	Unicorn-42966.exe
432	Unicorn-48831.exe
1868	Unicorn-22776.exe
2916	Unicorn-8063.exe
4272	Unicorn-27929.exe
2980	Unicorn-49510.exe
2836	Unicorn-37694.exe
4076	Unicorn-48607.exe
4160	Unicorn-49968.exe
2108	Unicorn-30425.exe
4940	Unicorn-9821.exe
2624	Unicorn-54088.exe
3488	Unicorn-16528.exe
4368	Unicorn-24696.exe
1444	Unicorn-62199.exe
3536	Unicorn-63927.exe
3064	Unicorn-31062.exe
4344	Unicorn-18448.exe
2472	Unicorn-59480.exe
1092	Unicorn-50742.exe
1740	Unicorn-59407.exe
5100	Unicorn-59672.exe
4740	Unicorn-59672.exe
5064	Unicorn-36791.exe
884	Unicorn-60366.exe
1216	Unicorn-31191.exe
1840	Unicorn-64503.exe
3360	Unicorn-43750.exe
5028	Unicorn-50264.exe
1060	Unicorn-2879.exe
752	Unicorn-9615.exe
4672	Unicorn-22937.exe
1772	Unicorn-40944.exe
4676	Unicorn-49112.exe
4656	Unicorn-46097.exe
448	Unicorn-26837.exe
3660	Unicorn-32968.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 1960	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	90
PID 3428 wrote to memory of 1960	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	90
PID 3428 wrote to memory of 1960	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	90
PID 3428 wrote to memory of 4960	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	93
PID 3428 wrote to memory of 4960	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	93
PID 3428 wrote to memory of 4960	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	93
PID 1960 wrote to memory of 4128	1960	Unicorn-45393.exe	94
PID 1960 wrote to memory of 4128	1960	Unicorn-45393.exe	94
PID 1960 wrote to memory of 4128	1960	Unicorn-45393.exe	94
PID 4960 wrote to memory of 1800	4960	Unicorn-28791.exe	96
PID 4960 wrote to memory of 1800	4960	Unicorn-28791.exe	96
PID 4960 wrote to memory of 1800	4960	Unicorn-28791.exe	96
PID 3428 wrote to memory of 720	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	97
PID 3428 wrote to memory of 720	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	97
PID 3428 wrote to memory of 720	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	97
PID 1960 wrote to memory of 3860	1960	Unicorn-45393.exe	98
PID 1960 wrote to memory of 3860	1960	Unicorn-45393.exe	98
PID 1960 wrote to memory of 3860	1960	Unicorn-45393.exe	98
PID 4128 wrote to memory of 4816	4128	Unicorn-48657.exe	99
PID 4128 wrote to memory of 4816	4128	Unicorn-48657.exe	99
PID 4128 wrote to memory of 4816	4128	Unicorn-48657.exe	99
PID 720 wrote to memory of 4624	720	Unicorn-2462.exe	102
PID 720 wrote to memory of 4624	720	Unicorn-2462.exe	102
PID 720 wrote to memory of 4624	720	Unicorn-2462.exe	102
PID 1800 wrote to memory of 3456	1800	Unicorn-60808.exe	103
PID 1800 wrote to memory of 3456	1800	Unicorn-60808.exe	103
PID 1800 wrote to memory of 3456	1800	Unicorn-60808.exe	103
PID 4960 wrote to memory of 1864	4960	Unicorn-28791.exe	104
PID 4960 wrote to memory of 1864	4960	Unicorn-28791.exe	104
PID 4960 wrote to memory of 1864	4960	Unicorn-28791.exe	104
PID 3428 wrote to memory of 3388	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	105
PID 3428 wrote to memory of 3388	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	105
PID 3428 wrote to memory of 3388	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	105
PID 3860 wrote to memory of 4252	3860	Unicorn-49303.exe	106
PID 3860 wrote to memory of 4252	3860	Unicorn-49303.exe	106
PID 3860 wrote to memory of 4252	3860	Unicorn-49303.exe	106
PID 1960 wrote to memory of 1260	1960	Unicorn-45393.exe	107
PID 1960 wrote to memory of 1260	1960	Unicorn-45393.exe	107
PID 1960 wrote to memory of 1260	1960	Unicorn-45393.exe	107
PID 4128 wrote to memory of 4660	4128	Unicorn-48657.exe	109
PID 4128 wrote to memory of 4660	4128	Unicorn-48657.exe	109
PID 4128 wrote to memory of 4660	4128	Unicorn-48657.exe	109
PID 4816 wrote to memory of 4240	4816	Unicorn-36304.exe	108
PID 4816 wrote to memory of 4240	4816	Unicorn-36304.exe	108
PID 4816 wrote to memory of 4240	4816	Unicorn-36304.exe	108
PID 4624 wrote to memory of 2144	4624	Unicorn-6231.exe	110
PID 4624 wrote to memory of 2144	4624	Unicorn-6231.exe	110
PID 4624 wrote to memory of 2144	4624	Unicorn-6231.exe	110
PID 720 wrote to memory of 4336	720	Unicorn-2462.exe	111
PID 720 wrote to memory of 4336	720	Unicorn-2462.exe	111
PID 720 wrote to memory of 4336	720	Unicorn-2462.exe	111
PID 3456 wrote to memory of 732	3456	Unicorn-39096.exe	112
PID 3456 wrote to memory of 732	3456	Unicorn-39096.exe	112
PID 3456 wrote to memory of 732	3456	Unicorn-39096.exe	112
PID 1800 wrote to memory of 2720	1800	Unicorn-60808.exe	113
PID 1800 wrote to memory of 2720	1800	Unicorn-60808.exe	113
PID 1800 wrote to memory of 2720	1800	Unicorn-60808.exe	113
PID 4240 wrote to memory of 1860	4240	Unicorn-55624.exe	114
PID 4240 wrote to memory of 1860	4240	Unicorn-55624.exe	114
PID 4240 wrote to memory of 1860	4240	Unicorn-55624.exe	114
PID 1960 wrote to memory of 432	1960	Unicorn-45393.exe	115
PID 1960 wrote to memory of 432	1960	Unicorn-45393.exe	115
PID 1960 wrote to memory of 432	1960	Unicorn-45393.exe	115
PID 3428 wrote to memory of 2460	3428	5bd1a13dbb82e9991530d65c16b083d0N.exe	116

C:\Users\Admin\AppData\Local\Temp\5bd1a13dbb82e9991530d65c16b083d0N.exe
"C:\Users\Admin\AppData\Local\Temp\5bd1a13dbb82e9991530d65c16b083d0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55624.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55952.exe
        9⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45571.exe
        10⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        10⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        9⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
        8⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        9⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        8⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        8⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        9⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
        10⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        10⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        10⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        9⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        9⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        8⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
        8⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55383.exe
        9⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        8⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
        8⤵
        
        PID:18728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        7⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31152.exe
        8⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        9⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        9⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        9⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        8⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        8⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
        8⤵
        
        PID:16060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        8⤵
        
        PID:19028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        8⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        7⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        8⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        7⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
        7⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        7⤵
        
        PID:19212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
        7⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        8⤵
        
        PID:16052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        7⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55383.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        7⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        6⤵
        
        PID:19300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5080.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48301.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
        9⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        9⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
        8⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35377.exe
        8⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        7⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36454.exe
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55383.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        8⤵
        
        PID:18980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        7⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        7⤵
        
        PID:19004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        6⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        7⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        7⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35603.exe
        6⤵
        
        PID:16264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        5⤵
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48920.exe
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
        8⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
        8⤵
        
        PID:18452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        7⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        7⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        7⤵
        
        PID:19312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
        6⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        6⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        5⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        6⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe
        6⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62781.exe
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14857.exe
        5⤵
        
        PID:16904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37694.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        9⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        9⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        9⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe
        9⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
        8⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        8⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        8⤵
        
        PID:19420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
        7⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        8⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        8⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
        8⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        6⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
        6⤵
        
        PID:18944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26837.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        7⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        7⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        7⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        7⤵
        
        PID:19200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        6⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14926.exe
        7⤵
        
        PID:15608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25662.exe
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12687.exe
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        6⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46146.exe
        7⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33531.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        6⤵
        
        PID:19232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2379.exe
        5⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
        5⤵
        
        PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        8⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
        9⤵
        
        PID:17028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
        8⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        8⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
        7⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        7⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
        6⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        7⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        7⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49867.exe
        7⤵
        
        PID:18992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35715.exe
        6⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        6⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31418.exe
        7⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31227.exe
        7⤵
        
        PID:18768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
        6⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        5⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60205.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
        6⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59407.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        7⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35456.exe
        7⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
        7⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10843.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
        6⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        6⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        6⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
        5⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        6⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        6⤵
        
        PID:16092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27568.exe
        5⤵
        
        PID:19360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51422.exe
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        7⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        7⤵
        
        PID:19284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe
        6⤵
        
        PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        5⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        5⤵
        
        PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27120.exe
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        6⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        5⤵
        
        PID:18960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
      4⤵
      PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        5⤵
        
        PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
      4⤵
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
      4⤵
      PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32921.exe
      4⤵
      PID:15808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        8⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        9⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        9⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        9⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32488.exe
        9⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        9⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        9⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        8⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        8⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        9⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
        9⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe
        7⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        7⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
        7⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
        8⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        8⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
        8⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        7⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5730.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11960.exe
        6⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
        8⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        9⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        8⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        8⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        8⤵
        
        PID:19020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51945.exe
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        7⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        7⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        7⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        7⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
        6⤵
        
        PID:18836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18063.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        7⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30547.exe
        6⤵
        
        PID:10852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        6⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        6⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        5⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
        6⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        6⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
        5⤵
        
        PID:12332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        5⤵
        
        PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20856.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55952.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        8⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        8⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        8⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        7⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
        7⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        7⤵
        
        PID:19432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52556.exe
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        6⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55952.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        7⤵
        
        PID:15744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        7⤵
        
        PID:19188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6266.exe
        6⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
        6⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        6⤵
        
        PID:18828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        5⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63101.exe
        6⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        6⤵
        
        PID:11236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43891.exe
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
        5⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
        5⤵
        
        PID:18804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        7⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        6⤵
        
        PID:14644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
        6⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-434.exe
        5⤵
        
        PID:15600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        6⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        7⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
        5⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        6⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
        6⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        5⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
        5⤵
        
        PID:15620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
      4⤵
      PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        5⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        5⤵
        
        PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
      4⤵
      PID:10220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6570.exe
      4⤵
      PID:15196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
      4⤵
      PID:16032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
        8⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        8⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        8⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31841.exe
        8⤵
        
        PID:19224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32378.exe
        7⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
        7⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        7⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        7⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        6⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        6⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        8⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38540.exe
        7⤵
        
        PID:13772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13772 -s 464
        8⤵
        Program crash
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        7⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
        6⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        7⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8681.exe
        6⤵
        
        PID:19260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25509.exe
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        6⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        6⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        5⤵
        
        PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45360.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12568.exe
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        7⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        6⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        5⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
        6⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        6⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64682.exe
        5⤵
        
        PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        5⤵
        
        PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3383.exe
        5⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
        6⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
        5⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
        5⤵
        
        PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
      4⤵
      PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
      4⤵
      PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
      4⤵
      PID:16224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
        8⤵
        
        PID:14236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14236 -s 468
        9⤵
        Program crash
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        8⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        7⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        7⤵
        
        PID:18896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        6⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51787.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        6⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        6⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        6⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23782.exe
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        6⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        6⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        5⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
        5⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        5⤵
        
        PID:18492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        6⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
        6⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
        5⤵
        
        PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21181.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        6⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        5⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
      4⤵
      PID:10420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
      4⤵
      PID:16984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
        6⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        7⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        7⤵
        
        PID:16872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        6⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        6⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        6⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        5⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
        5⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        5⤵
        
        PID:9820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        5⤵
        
        PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        5⤵
        
        PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
      4⤵
      PID:16824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
      4⤵
      PID:10284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55952.exe
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26132.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9326.exe
        5⤵
        
        PID:15960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
      4⤵
      PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
      4⤵
      PID:19040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
    3⤵
    PID:8016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55074.exe
    3⤵
    PID:11016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
    3⤵
    PID:15152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
    3⤵
    PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
    3⤵
    PID:15700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30425.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        7⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        9⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
        10⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        9⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        9⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
        8⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        8⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2680.exe
        8⤵
        
        PID:18632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        8⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        8⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        7⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
        6⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        8⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        8⤵
        
        PID:19248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53635.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        7⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26941.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        7⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        7⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
        7⤵
        
        PID:17320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
        7⤵
        
        PID:19108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22858.exe
        6⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        8⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4121.exe
        8⤵
        
        PID:16860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        7⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51797.exe
        7⤵
        
        PID:18808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
        6⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
        6⤵
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        6⤵
        
        PID:18472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39230.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
        7⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        7⤵
        
        PID:15512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        6⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
        7⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        7⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        7⤵
        
        PID:19052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4998.exe
        6⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        6⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        6⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7721.exe
        6⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
        5⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        5⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        5⤵
        
        PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        9⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        9⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        9⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        8⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
        8⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        8⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
        8⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        8⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
        8⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
        7⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        7⤵
        
        PID:19008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19074.exe
        7⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
        6⤵
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
        5⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        8⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe
        8⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60883.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        8⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        7⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        6⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37850.exe
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
        6⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
        6⤵
        
        PID:18900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30956.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        6⤵
        
        PID:19164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        5⤵
        
        PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        5⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65508.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        7⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        7⤵
        
        PID:16328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        7⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        7⤵
        
        PID:19408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        6⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5848.exe
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44020.exe
        7⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24256.exe
        7⤵
        
        PID:19452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        6⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55383.exe
        6⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        5⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        5⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        5⤵
        
        PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
      4⤵
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        6⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        7⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        6⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
        6⤵
        
        PID:18928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12083.exe
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        5⤵
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        5⤵
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        5⤵
        
        PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16379.exe
      4⤵
      PID:9752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
      4⤵
      PID:13740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
      4⤵
      PID:16804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19230.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        7⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        6⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        5⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
        6⤵
        
        PID:13064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
        6⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        5⤵
        
        PID:12540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64871.exe
        5⤵
        
        PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
        7⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        7⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32768.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        6⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        6⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35987.exe
        6⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        6⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15998.exe
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        5⤵
        
        PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
        5⤵
        
        PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
      4⤵
      PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27931.exe
      4⤵
      PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
      4⤵
      PID:5144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
      4⤵
      Executes dropped EXE
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
      4⤵
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        6⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        7⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        7⤵
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        6⤵
        
        PID:15088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        6⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2125.exe
        6⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15258.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
        5⤵
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        5⤵
        
        PID:18704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        5⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8066.exe
        5⤵
        
        PID:19336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe
      4⤵
      PID:13472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        6⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        7⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        6⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
        6⤵
        
        PID:18740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        5⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25482.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        5⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
      4⤵
      PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        5⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        6⤵
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
        6⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        6⤵
        
        PID:18920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        5⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        5⤵
        
        PID:16132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
      4⤵
      PID:8936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62962.exe
      4⤵
      PID:12564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
      4⤵
      PID:4828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24786.exe
        5⤵
        
        PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
      4⤵
      PID:11564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
      4⤵
      PID:18680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
    3⤵
    PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
      4⤵
      PID:4540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55116.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19327.exe
    3⤵
    PID:15936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63232.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7991.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        9⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        9⤵
        
        PID:17064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24417.exe
        8⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        8⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
        8⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        8⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        9⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        8⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1506.exe
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        8⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
        7⤵
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
        8⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        7⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        7⤵
        
        PID:17104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
        7⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53604.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        6⤵
        
        PID:15904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
        6⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43648.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        8⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        9⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        8⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2217.exe
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        7⤵
        
        PID:11184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
        6⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        7⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        7⤵
        
        PID:17056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe
        6⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
        6⤵
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        5⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-532.exe
        7⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54199.exe
        7⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        6⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
        5⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        5⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
        5⤵
        
        PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65464.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
        8⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
        7⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        7⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19435.exe
        7⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        6⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11860.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25835.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53141.exe
        6⤵
        
        PID:19352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        6⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        5⤵
        
        PID:19056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
      4⤵
      PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        5⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        7⤵
        
        PID:14488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14488 -s 276
        8⤵
        Program crash
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26655.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        6⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        5⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        5⤵
        
        PID:18544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        5⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        6⤵
        
        PID:16972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        6⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
        5⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        5⤵
        
        PID:12540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
      4⤵
      PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21491.exe
      4⤵
      PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-486.exe
      4⤵
      PID:15760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        6⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        8⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        7⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        7⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        6⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        7⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
        7⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1566.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        7⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
        6⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        6⤵
        
        PID:18688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
        5⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        6⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        6⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
        5⤵
        
        PID:4864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 80
        6⤵
        Program crash
        
        PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
      4⤵
      Executes dropped EXE
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        6⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27298.exe
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        6⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        6⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        5⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        6⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        6⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        5⤵
        
        PID:12036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44622.exe
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        5⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        6⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        5⤵
        
        PID:13456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45860.exe
        5⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        5⤵
        
        PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
      4⤵
      PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe
      4⤵
      PID:13536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
      4⤵
      PID:4036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
        6⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        5⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        5⤵
        
        PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51447.exe
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
        5⤵
        
        PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21995.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        5⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        5⤵
        
        PID:18892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
      4⤵
      PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
      4⤵
      PID:12804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
      4⤵
      PID:16112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
    3⤵
    PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        6⤵
        
        PID:18612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        5⤵
        
        PID:10808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        5⤵
        
        PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
      4⤵
      PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
      4⤵
      PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61922.exe
      4⤵
      PID:9560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1910.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
      4⤵
      PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48125.exe
        5⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
        5⤵
        
        PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
      4⤵
      PID:10888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30370.exe
      4⤵
      PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
      4⤵
      PID:13536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38859.exe
    3⤵
    PID:7224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
    3⤵
    PID:13260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
    3⤵
    PID:15416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
      4⤵
      PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        5⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        6⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        5⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        6⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
      4⤵
      PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
      4⤵
      PID:11124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
      4⤵
      PID:15168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
      4⤵
      PID:17008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
    3⤵
    PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
      4⤵
      PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        5⤵
        
        PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
      4⤵
      PID:11176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
      4⤵
      PID:14832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60299.exe
    3⤵
    PID:7852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
    3⤵
    PID:10304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
    3⤵
    PID:5964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
    3⤵
    PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        5⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        6⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
        6⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31706.exe
        5⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        5⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
        5⤵
        
        PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53635.exe
      4⤵
      PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
        5⤵
        
        PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
      4⤵
      PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
      4⤵
      PID:15772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
    3⤵
    PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
      4⤵
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62027.exe
      4⤵
      PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
      4⤵
      PID:11380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
    3⤵
    PID:7020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
    3⤵
    PID:16160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
    3⤵
    PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
      4⤵
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        5⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        5⤵
        
        PID:16956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4787.exe
      4⤵
      PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
      4⤵
      PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
      4⤵
      PID:17116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
    3⤵
    PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
      4⤵
      PID:16176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
    3⤵
    PID:10048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
    3⤵
    PID:16256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43784.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43784.exe
  2⤵
  PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
    3⤵
    PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe
      4⤵
      PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
      4⤵
      PID:12776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
      4⤵
      PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
      4⤵
      PID:9896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
    3⤵
    PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
    3⤵
    PID:13128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
    3⤵
    PID:11480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
    3⤵
    PID:9100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
  2⤵
  PID:7884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
    3⤵
    PID:19184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
  2⤵
  PID:3340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
    3⤵
    PID:2764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
  2⤵
  PID:15868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4864 -ip 4864
1⤵
PID:14572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 11972 -ip 11972
1⤵
PID:14876

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 380 -s 3080
1⤵
PID:14460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 14488 -ip 14488
1⤵
PID:3076

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:988

Network

DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

68.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.32.126.40.in-addr.arpa

IN PTR

Response
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

147.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

147.142.123.92.in-addr.arpa

IN PTR

Response

147.142.123.92.in-addr.arpa

IN PTR

a92-123-142-147deploystaticakamaitechnologiescom
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

68.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

68.32.126.40.in-addr.arpa
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

147.142.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

147.142.123.92.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe

Filesize
468KB

MD5
92af745ad9cda97af1f0448de72c46a1

SHA1
6dc627c33c6f7291534d1ddd0927119205483176

SHA256
5b10accd56e8a5974a29502670fef4c5448aadec4493af252d0139706a3b86a6

SHA512
edca4881cae7dcae8af5de0a851caed944bdcfbe052a4f9de128daae740b26f76169133246d1a3a446adca4adb1326863f8a00f52ad9b58f3bd63ee7d202431a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe

Filesize
468KB

MD5
69ae2ac897e6a7fff0f4ec81cbdc567e

SHA1
9ff0501b7c72ee8eca84274b7c1b5597d70a17bd

SHA256
0c3d897294b23d4f639f9a68bef06d9e5c29096e30b53237cbf333ebbc1021b3

SHA512
5ff9936e7b61a0dd4f80b9de2fdcfff26678ca0d89d5c1cd3247862cd116c52988871ffacface57c156b17d6c626c4e9ee74bf91b23db1f8b96eed633702b692

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19230.exe

Filesize
468KB

MD5
41167c17ecd9fa0ae0d9524539ef3331

SHA1
bb40c5d7f8b6a22e352860b09fe6a239576ebe91

SHA256
353ba39eed2dbe89c8aa6a220fc8920ad9ea107c58a007592e02038868ba7b33

SHA512
f6929c5c4369d38380cc40e04bc19073f5b213288589067a7a66ec5cf9d85cc30eed2a819e97769bb6a19f2eb472d27c74491f0e0762a0a09aa8e24318db4706

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe

Filesize
468KB

MD5
c543fa679229ba7dcbd16deceb0920d1

SHA1
711ba43d696ae3b215904c51ad1ac2a5abb057ad

SHA256
23ac531e21d8f0e56ffc1d833e95b77447375d57d716d948fe5566d32d7e12be

SHA512
b7c9c0be77df058c35d95dd55a093f6616e141fcdc1d4f06dc2b5eea2938a0144f1ee2cdbc7536e1febb136cc871404ef48342c8907db0e546762867b9deeece

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe

Filesize
468KB

MD5
10a72d1decc4df6b632b952348e7b918

SHA1
f8d9cb610a3a7b142356b32bae2fc5f716dc77f9

SHA256
eee62a720fd1ad1bdc8d0bdc924f5971facf8e082f954c87ffb31fdd4709554d

SHA512
65e05ff65b3455d6aef638c8c021edca745a078d40ace37d958c6e76a9683c3013b7deeecaf373e981979b71e62b80486e90808c2f8a0368d7d750e20b3ba51e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe

Filesize
468KB

MD5
8198e085524b8f2e676ccab14a571974

SHA1
73acae6b813132d4febdc2b6a464eb0c20c02479

SHA256
e244a87e8b51e0856ab09a4fc44c960e128c14bced2d8fba70a46631078fb0a9

SHA512
5384f17778f93df8f1443a56bbe41495fe9b86490adf0dc85d32805d178f7583ded4874aa9dc010fe0011a366f517c4ca7f0749167be4e4af435dff6b1f3e2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe

Filesize
468KB

MD5
becb6c2a9b13a8856b34ea9def2a210f

SHA1
9dc0027cbafc77f1806c1953f90d5abd0e177749

SHA256
5d2ac11323fecf746bfc0e8ba1a0a09857a633d5f781b8f3feabf2e96ac4005a

SHA512
4226527d3ecc25e08c098fe5ace6f88222cef9b564564995ef29f39ef8eababae24141114c5091ddd1f3fec612553f8dcf3ab81ce7b7410e4c3776907e3d4dbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe

Filesize
468KB

MD5
b5e95e773d8bdaffdd4ee79281eb8c3a

SHA1
008b01405fac6e4890df4008043acf39e7835b4c

SHA256
6ffec4a25448e761397f1ab291bef17dd5f4f676d1d70dbba4c7e343d89cc79a

SHA512
be8081bbc51f6a8d28d490fc6dc6fbf2e0348fa742b26d5787bb027535a2f9ec66c5e912a63f5ca4c5e3f3c4e75b64bb20bb139cb97b7bf5ca9d8069602b7306

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe

Filesize
468KB

MD5
95341de6de05394f5b654c973d65f0ee

SHA1
0433d583b0a47ed2c20e848bc2b0d3d1e84807eb

SHA256
1e73d443a68e9471aa7fa60294b59c0f2e6f0bf5c6bfb5777f6ecae8d8da8182

SHA512
a06ffeb7da990f486f20513bd49f8322867649117edf6f505f88912fa3da258a6cf6305d07650737843d1b4feef7af7e1f6ed1956c6ebf41b6b409377b1524fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe

Filesize
468KB

MD5
e6fdb41408e7e1072acebe780281f359

SHA1
301d985eea86852532991238308ea22d6bbabce5

SHA256
f0201839861f427c475616e7c7c5d73f2866be6604b414ab21c9cb4dc56bd5ed

SHA512
eefcf637d6a00b34157debc3638e00cbf7a744d02bbaca42ce89f7679db9ee675cdfc6c5173ae4180abc0299223fc014fb56cfb48d0f4746f8d18b859548d8f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe

Filesize
468KB

MD5
7c377d5981e1c42573110f2efce7aa38

SHA1
860ef1077bb76211b221e6aa691603bd0826e1a6

SHA256
483e782bd80bb2006cc79a631147647640ec2d0787b6f4129efa6d2f346d7480

SHA512
f998a2e0f7ad68456ca7f5a5fad33e69c5909c8546a4f6d35889d68cb51880fbefb51523d557837b8a8337b6c429bb643504595227953b5d062dc71eae3f11e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37694.exe

Filesize
468KB

MD5
55a6a2be1387105750456d2d742150cc

SHA1
3c2da32bf331746b19c6b22e27f66bc3db4cb14e

SHA256
4068b6dcc00d0847c444426cd0a5527aa076fd091a937924b0eff7f2381c7efa

SHA512
95a646b739e02a04014c2e22d5e4d54770d34dc25ffacb785bca76ff77807c9082d9dd110b130208bbf16c1b4d228837709b1a2bab35e233242ae330dea88e18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe

Filesize
468KB

MD5
95b5d15624f38a6dd0cd46c2c04a9d73

SHA1
8075d5b5969428b1e341558419e6eb79c4a4f1e0

SHA256
ffc6f8eef24653cdbf8c4463a9fbd69bc6a43da3bd68b3c955bfcc078458fffa

SHA512
36d3efa88e111dd9c7eee71acd10715e95d5a95ff9e70c0214303562d36be339397baff1174379219157dfde5366119ae43ce115cd56a28b902018c167423da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe

Filesize
468KB

MD5
0b3ca992b5e4d179dbb44da2b6bcaf83

SHA1
9eec705064a18ea9d22729f4e1e6790890365dcf

SHA256
a9590b91fe68ebc0fb5c5f3793751fc544c1bb12334cd31dcd42ca064a8cf4b0

SHA512
af5150965327a23c7a87fc1e26ee13dde1f4eb33903602b57be3f602b735158db790e75a6ab20145182635f713fd6fd2c1c265065dc6b2d94156136e15ec3553

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe

Filesize
468KB

MD5
54ebf22b709ac492b427a4abff3839d9

SHA1
3b0b63fb0a52e11f1cc326f25ae32069abfb522b

SHA256
473fdb153547562f4f619a190b646a15be6c3cc395da261c6e15bbfd4fe32364

SHA512
62b73a26e5dd25e7d2df189f83090a3e0232029806309dc79ffcde9bd0a5c4b4c86378f7cefa040958bf7dd90dcdd430a6c774d172e196e67e6a2af3cb86e424

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe

Filesize
468KB

MD5
390c765f195a09f782d8ef75b5c0776e

SHA1
b5627e1bb6ce86f8f5c1c197a8683bf463b7fa57

SHA256
c5ae086475693848445bfca0a73e71ad7aabccce0a55a92873b2aa70e72fae77

SHA512
adc9466f621ba0e270c8c1c69976df84f762f67b8e21bb219e2e561116949d004c6b383f2a932212a025060d94b05bd458b0e2ee8da67eb16c957a662807b040

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe

Filesize
468KB

MD5
1bc2393bcb8045367338fb4c84fca266

SHA1
377cf058df0a199c5965c64c076863ab13ac564f

SHA256
13e194499e05a6af31bf4a9f52a1411d8501a81b8aeaafdd20b2c2bffab17e14

SHA512
b5b1d316d0b2df9f4b0f4845c761068039f1f985fcd1771b117d87cca1cf7a4b8f543458b211fb7eab0e11cee0bcf36787624a6023a90334648e110ea7670b64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe

Filesize
468KB

MD5
998ceed5cd68e5e7b2c3a5d0afe6781d

SHA1
8209f7384402305289e1658d328b5902f412f9df

SHA256
b95431a2716e664f6dca4ebbfdae502eadc988a59c74de3f18a05d185b98b2a2

SHA512
4e757796282c6e4500492b68d1aeedc30d0c95140076b4284f73318edf6b25a63cb72cdc7d4bb01cfa46d2cde23121272e30d4531b53aad5b13b28894a088eb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe

Filesize
468KB

MD5
853f191e98489cf7c9cc1fff7c5e79d2

SHA1
aabd4530573eb4446a5fd960cff9316a06a22436

SHA256
3561c08d504fd15656461e1a565af015461f77852c20ba93f64cae72d53ce346

SHA512
41b4d8ce0ad7254ef93c0e7d52c53d260fc243b211ed378eb38b2cc5e3a73539010c1ac28811c26b1b743755284bfd3d4b51c9e8ec7a2f06857ba3896dd5918c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe

Filesize
468KB

MD5
d36540f85363b94f4cc5cedcee0289cc

SHA1
13c47b02b92855ee70b86d79ce67a1eabd601d26

SHA256
fd69f6dbd1f788500eaf86e30eed39a3435ef2da9fab3ea53355d842b22f403c

SHA512
2f2e9de2e8244027ffedeaa834063ea9825d4d4942435bb7d5d8548747db5b88fe40449773446c255fb514374df65213cd384e496c183f9d4898a47c0f43a9e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe

Filesize
468KB

MD5
4ecae58a9544dc55428aae3bb676f7ec

SHA1
45d96764f8af0f9eb5875f4e96f3d002aa66836d

SHA256
758e0a328bd18468649b58fe3ab0c3ff30bd8aa076a9b07c2075faadf97b9c14

SHA512
d9939d8d1ab3f1f0d0b5b11b667721de00d66b7ce85d402ea656ea310217c50582f097ef402f88546ae6091b6566d9d5dd9669872ab8cb7acbed750dad5c0596

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe

Filesize
468KB

MD5
fd9fcfe2d6d3e884917692cc95598263

SHA1
8d50cbfba5cb8861d6cd7831a37519095322f2c5

SHA256
5681c222dcc877f96649bbddb1f855c05c8ad28bec558545ba7f4dccf406538e

SHA512
44843c2c2d02add2992a0f0f41413111f2dff9af156abf4444e8b535fb8c974126207db3024782c19001d538e6b0acec6c027746b4918c243341cbf630260e52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe

Filesize
468KB

MD5
c79086a0267112195e73ad4780cc1de4

SHA1
40ab279d2eb2b359bf83c7f24a61e1625a213ebc

SHA256
3de87a23305210c4bceddeeae9ee26d77618ada56f7b92202640f90cbff9e720

SHA512
81daca579da18256259a04f2bec966a3bf53b457826fe4e4154fb8ab3899d226cec530ee13d2fb666976869aabb40dfba77bbfc83a04bcf81b7bddd802ef0ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe

Filesize
468KB

MD5
b72830f3baefe7727a71b46becde87da

SHA1
1c88387a943e979133f12ec1fade0f7205a0257e

SHA256
af6bf53938d5f7d5cc8f32a38300071fb90a0ad19a8b12c7fd25b7f96419b412

SHA512
d526224a618a5368ad3df223c76cfa30ccba830d45c492a6dd728b3d16a8c71e162b7c8e3371931c1c984a7525699a646cdb0373648d414260f8944543723759

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55624.exe

Filesize
468KB

MD5
e19bc09b3b7e9e695a784220a7ebbbcd

SHA1
76005506abc67b925262be97a78b05bd4175fa93

SHA256
8ae49ed485e86900db5a12de9b6813276c610a3c632fc6b117e83ff8c5fc180a

SHA512
75ce6eae9dbc747df6affc4e67b8b7ca975cb3aec6043189089d2b12f5875b82c103aa5a51a0a41dbc36266e1430393849e45fcde864b941ddb38b375d1e3813

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe

Filesize
468KB

MD5
bb02bc0bbffd248f60ba4c225498be37

SHA1
196f368d88384e1b48b04f1eae217235af73ddba

SHA256
19c1476339907aef1c296d2b81739a2fc0b36eb93ee6f9cd53d77df0eb740e62

SHA512
c2fea41f9fed276e9824abd72542e84fd84950f4c380a42ed9291f445a5382d720412182c60dd1f2741360d08275be602d5c315138ee5be9e74f7bd0791b3b3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe

Filesize
468KB

MD5
3a00066ce16d5fb9aaec72cd7f0ec223

SHA1
9f7598b4a5ee70af016ad9c89e1e539ce70dfae9

SHA256
52498c598c1f66234b3637f59d92c6b19de78cff85be7af2abcd8966f589db80

SHA512
e6eb771c193b1d3901bad030e9d7967a1f46b52ff34f47501aed11df86b10760dcf3cc817ded5d2ffdb61787e46da0bf807001c592a02ab111367ebdcedb7ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe

Filesize
468KB

MD5
7a95a7a011caa64097cfe177e3c02a01

SHA1
bba077c7a727f436bf949c8b76f54d4f6bedbaf3

SHA256
575236e71912547f067109dfeb51c0778d77daa423c1a4eec4a130ee18658f57

SHA512
e0d771481736bdb570b15f5f330401ce54f9b1f977b38319fb444c15a5e36a474b3e4cac03ee066ea993b7bd92e2a3da729f5ee309f8f22eb70d3ee581abe60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe

Filesize
468KB

MD5
3b88f9538a597b89a852ded49a296d7b

SHA1
3be6ea4db0c2a824466770e89054b6727524844e

SHA256
d7decf05cb75154744c96a1fabc431ccec29dfedacaea492ca5e7040a94fe3d0

SHA512
07ade25fbc2dff61e846a7078dc3326411ad5bcf89478791d827dbbad1710d4a3595a1fe0d0453303bf77da24e3a5e33075ffd074cb69853d4a786d9e0c0b548

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe

Filesize
468KB

MD5
3b1596a8d9cbb4b1e13fd75f5c0235ef

SHA1
6d764f693ff3d80f9b387101090a25fc23b12405

SHA256
ad68de41bcba60a5c4a0b7e1e57d8348ce98c42ec73ae23f86ad57ee7c862fb0

SHA512
a069b02e0485d7d6ea75a7a3538d026d3f2e97ab5f0f094215727ff6706602471da011f9a5120b45240282f1e3ec1b2aed94e317ef573d5d49147be414b5260d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe

Filesize
468KB

MD5
276e0acc085469975b91fb0761bf802f

SHA1
d07bea73fc1ca8574b83f7cf1bd6ea8597389805

SHA256
50dba151caa3f9e6ab159935f624c8d0ac6fb01f95a5cb577b9dfafae86bc93c

SHA512
bd70f4585b03d00ce7cc73d24e5df94419df5f9a7e8b7a59d06b2b4279dc6427606f8c17cbb373e45347c70e4146f68cef5e2d3d0573e47dd5b5743a4b48419d

Download Submit
memory/432-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/448-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/456-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/720-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/732-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/752-349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/796-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/844-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/884-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1060-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1072-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1092-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1216-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1260-99-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1444-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1772-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1800-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1860-155-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1864-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1868-194-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1960-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1968-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2144-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2388-3068-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2460-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2472-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2608-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2624-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2720-131-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2836-221-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2916-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2980-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3064-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3292-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3360-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3388-75-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3408-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3428-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3456-73-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3488-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3536-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3660-399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3860-46-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4056-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4068-3062-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4076-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4128-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4160-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4240-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4252-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4272-209-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4336-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4344-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4368-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4624-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4656-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4660-102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4672-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4676-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4700-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4816-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4864-3263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4884-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4892-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4932-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4940-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4960-15-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5028-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5064-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5100-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5268-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5312-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5348-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5364-492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5372-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5396-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5416-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5436-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5536-493-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5568-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5584-502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5616-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5636-544-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5644-511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5656-601-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5680-611-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5692-612-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5712-625-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5720-613-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5732-614-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5764-615-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5784-621-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5792-622-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5800-620-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5808-619-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5816-616-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6024-629-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6052-685-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13740-2956-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14516-3067-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14532-2768-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14644-2820-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14972-2533-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15176-3066-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15180-3073-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.