b039e17ff82f7ae3aa63d45488496a170ccb21c7bd1abbc41bc18e45a1090a79

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1144223bc93adc16d14db31413e388e0N.exe
Size

468KB
MD5

1144223bc93adc16d14db31413e388e0
SHA1

2c3c1e57ac0ec18bf4abf4e04e0e9288af924b2a
SHA256

b039e17ff82f7ae3aa63d45488496a170ccb21c7bd1abbc41bc18e45a1090a79
SHA512

6483909a799a592b93af68474da07675f73acc671f3ad7644f91dbbbee9a7e3ef68be77dd0a824da6ae67694e441393352a1bb5dca335dcb4cbd8e8476c66490
SSDEEP

3072:zqDKowLNpP8o6bYPfzzj5f5/lgAoIpBnmHeAVs9qp2XXryZTLlQ:zqmo+0o6kf/j5fu03bqpI7yZT

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4152	Unicorn-43683.exe
1732	Unicorn-42923.exe
4772	Unicorn-39585.exe
1500	Unicorn-60515.exe
4812	Unicorn-7593.exe
1040	Unicorn-43987.exe
2456	Unicorn-6061.exe
1512	Unicorn-30059.exe
1772	Unicorn-10577.exe
1712	Unicorn-12954.exe
2300	Unicorn-39689.exe
1000	Unicorn-5855.exe
3032	Unicorn-5855.exe
3000	Unicorn-28834.exe
64	Unicorn-9233.exe
664	Unicorn-47075.exe
3036	Unicorn-18849.exe
1852	Unicorn-6234.exe
872	Unicorn-16440.exe
3988	Unicorn-38331.exe
1920	Unicorn-45082.exe
2112	Unicorn-7386.exe
3480	Unicorn-56322.exe
884	Unicorn-20961.exe
3648	Unicorn-57163.exe
3236	Unicorn-48995.exe
1396	Unicorn-40827.exe
4000	Unicorn-59009.exe
208	Unicorn-24107.exe
1056	Unicorn-15176.exe
1240	Unicorn-20769.exe
4420	Unicorn-2783.exe
1200	Unicorn-22689.exe
3196	Unicorn-42555.exe
3468	Unicorn-61505.exe
1064	Unicorn-43131.exe
3128	Unicorn-43131.exe
828	Unicorn-31433.exe
2548	Unicorn-51034.exe
2288	Unicorn-32955.exe
1544	Unicorn-31995.exe
4492	Unicorn-31995.exe
2756	Unicorn-1552.exe
1104	Unicorn-6265.exe
3516	Unicorn-42275.exe
2740	Unicorn-1818.exe
3496	Unicorn-1818.exe
1940	Unicorn-1818.exe
1588	Unicorn-42851.exe
744	Unicorn-22985.exe
2512	Unicorn-55466.exe
4004	Unicorn-53934.exe
3084	Unicorn-51905.exe
388	Unicorn-58035.exe
4088	Unicorn-17003.exe
1460	Unicorn-13665.exe
2880	Unicorn-57578.exe
2608	Unicorn-32377.exe
1696	Unicorn-7880.exe
4712	Unicorn-62674.exe
5044	Unicorn-33531.exe
4272	Unicorn-11906.exe
2784	Unicorn-11714.exe
3720	Unicorn-36411.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3172	7160	WerFault.exe	288

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24107.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	428	dwm.exe
Token: SeChangeNotifyPrivilege	428	dwm.exe
Token: 33	428	dwm.exe
Token: SeIncBasePriorityPrivilege	428	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3012	1144223bc93adc16d14db31413e388e0N.exe
4152	Unicorn-43683.exe
1732	Unicorn-42923.exe
4772	Unicorn-39585.exe
1500	Unicorn-60515.exe
4812	Unicorn-7593.exe
1040	Unicorn-43987.exe
2456	Unicorn-6061.exe
1512	Unicorn-30059.exe
1772	Unicorn-10577.exe
1712	Unicorn-12954.exe
2300	Unicorn-39689.exe
3032	Unicorn-5855.exe
1000	Unicorn-5855.exe
64	Unicorn-9233.exe
3000	Unicorn-28834.exe
3036	Unicorn-18849.exe
664	Unicorn-47075.exe
872	Unicorn-16440.exe
1852	Unicorn-6234.exe
3988	Unicorn-38331.exe
1920	Unicorn-45082.exe
2112	Unicorn-7386.exe
3480	Unicorn-56322.exe
884	Unicorn-20961.exe
3648	Unicorn-57163.exe
1396	Unicorn-40827.exe
1056	Unicorn-15176.exe
1240	Unicorn-20769.exe
208	Unicorn-24107.exe
3236	Unicorn-48995.exe
4000	Unicorn-59009.exe
1200	Unicorn-22689.exe
3196	Unicorn-42555.exe
4420	Unicorn-2783.exe
3468	Unicorn-61505.exe
3128	Unicorn-43131.exe
828	Unicorn-31433.exe
1064	Unicorn-43131.exe
2548	Unicorn-51034.exe
2288	Unicorn-32955.exe
1544	Unicorn-31995.exe
4492	Unicorn-31995.exe
2756	Unicorn-1552.exe
1104	Unicorn-6265.exe
3516	Unicorn-42275.exe
3496	Unicorn-1818.exe
744	Unicorn-22985.exe
1940	Unicorn-1818.exe
2740	Unicorn-1818.exe
1588	Unicorn-42851.exe
2880	Unicorn-57578.exe
3084	Unicorn-51905.exe
2512	Unicorn-55466.exe
388	Unicorn-58035.exe
1460	Unicorn-13665.exe
4712	Unicorn-62674.exe
5044	Unicorn-33531.exe
2608	Unicorn-32377.exe
4004	Unicorn-53934.exe
4088	Unicorn-17003.exe
1696	Unicorn-7880.exe
4272	Unicorn-11906.exe
2784	Unicorn-11714.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 4152	3012	1144223bc93adc16d14db31413e388e0N.exe	89
PID 3012 wrote to memory of 4152	3012	1144223bc93adc16d14db31413e388e0N.exe	89
PID 3012 wrote to memory of 4152	3012	1144223bc93adc16d14db31413e388e0N.exe	89
PID 4152 wrote to memory of 1732	4152	Unicorn-43683.exe	92
PID 4152 wrote to memory of 1732	4152	Unicorn-43683.exe	92
PID 4152 wrote to memory of 1732	4152	Unicorn-43683.exe	92
PID 3012 wrote to memory of 4772	3012	1144223bc93adc16d14db31413e388e0N.exe	93
PID 3012 wrote to memory of 4772	3012	1144223bc93adc16d14db31413e388e0N.exe	93
PID 3012 wrote to memory of 4772	3012	1144223bc93adc16d14db31413e388e0N.exe	93
PID 1732 wrote to memory of 1500	1732	Unicorn-42923.exe	95
PID 1732 wrote to memory of 1500	1732	Unicorn-42923.exe	95
PID 1732 wrote to memory of 1500	1732	Unicorn-42923.exe	95
PID 4152 wrote to memory of 4812	4152	Unicorn-43683.exe	98
PID 4152 wrote to memory of 4812	4152	Unicorn-43683.exe	98
PID 4152 wrote to memory of 4812	4152	Unicorn-43683.exe	98
PID 4772 wrote to memory of 1040	4772	Unicorn-39585.exe	99
PID 4772 wrote to memory of 1040	4772	Unicorn-39585.exe	99
PID 4772 wrote to memory of 1040	4772	Unicorn-39585.exe	99
PID 3012 wrote to memory of 2456	3012	1144223bc93adc16d14db31413e388e0N.exe	100
PID 3012 wrote to memory of 2456	3012	1144223bc93adc16d14db31413e388e0N.exe	100
PID 3012 wrote to memory of 2456	3012	1144223bc93adc16d14db31413e388e0N.exe	100
PID 1500 wrote to memory of 1512	1500	Unicorn-60515.exe	101
PID 1500 wrote to memory of 1512	1500	Unicorn-60515.exe	101
PID 1500 wrote to memory of 1512	1500	Unicorn-60515.exe	101
PID 1732 wrote to memory of 1772	1732	Unicorn-42923.exe	102
PID 1732 wrote to memory of 1772	1732	Unicorn-42923.exe	102
PID 1732 wrote to memory of 1772	1732	Unicorn-42923.exe	102
PID 4812 wrote to memory of 1712	4812	Unicorn-7593.exe	103
PID 4812 wrote to memory of 1712	4812	Unicorn-7593.exe	103
PID 4812 wrote to memory of 1712	4812	Unicorn-7593.exe	103
PID 4152 wrote to memory of 2300	4152	Unicorn-43683.exe	104
PID 4152 wrote to memory of 2300	4152	Unicorn-43683.exe	104
PID 4152 wrote to memory of 2300	4152	Unicorn-43683.exe	104
PID 2456 wrote to memory of 1000	2456	Unicorn-6061.exe	106
PID 1040 wrote to memory of 3032	1040	Unicorn-43987.exe	105
PID 2456 wrote to memory of 1000	2456	Unicorn-6061.exe	106
PID 2456 wrote to memory of 1000	2456	Unicorn-6061.exe	106
PID 1040 wrote to memory of 3032	1040	Unicorn-43987.exe	105
PID 1040 wrote to memory of 3032	1040	Unicorn-43987.exe	105
PID 3012 wrote to memory of 3000	3012	1144223bc93adc16d14db31413e388e0N.exe	107
PID 3012 wrote to memory of 3000	3012	1144223bc93adc16d14db31413e388e0N.exe	107
PID 3012 wrote to memory of 3000	3012	1144223bc93adc16d14db31413e388e0N.exe	107
PID 4772 wrote to memory of 64	4772	Unicorn-39585.exe	108
PID 4772 wrote to memory of 64	4772	Unicorn-39585.exe	108
PID 4772 wrote to memory of 64	4772	Unicorn-39585.exe	108
PID 1512 wrote to memory of 664	1512	Unicorn-30059.exe	109
PID 1512 wrote to memory of 664	1512	Unicorn-30059.exe	109
PID 1512 wrote to memory of 664	1512	Unicorn-30059.exe	109
PID 1500 wrote to memory of 3036	1500	Unicorn-60515.exe	110
PID 1500 wrote to memory of 3036	1500	Unicorn-60515.exe	110
PID 1500 wrote to memory of 3036	1500	Unicorn-60515.exe	110
PID 1772 wrote to memory of 1852	1772	Unicorn-10577.exe	111
PID 1772 wrote to memory of 1852	1772	Unicorn-10577.exe	111
PID 1772 wrote to memory of 1852	1772	Unicorn-10577.exe	111
PID 1732 wrote to memory of 872	1732	Unicorn-42923.exe	112
PID 1732 wrote to memory of 872	1732	Unicorn-42923.exe	112
PID 1732 wrote to memory of 872	1732	Unicorn-42923.exe	112
PID 1712 wrote to memory of 3988	1712	Unicorn-12954.exe	113
PID 1712 wrote to memory of 3988	1712	Unicorn-12954.exe	113
PID 1712 wrote to memory of 3988	1712	Unicorn-12954.exe	113
PID 4812 wrote to memory of 1920	4812	Unicorn-7593.exe	114
PID 4812 wrote to memory of 1920	4812	Unicorn-7593.exe	114
PID 4812 wrote to memory of 1920	4812	Unicorn-7593.exe	114
PID 2300 wrote to memory of 2112	2300	Unicorn-39689.exe	115

C:\Users\Admin\AppData\Local\Temp\1144223bc93adc16d14db31413e388e0N.exe
"C:\Users\Admin\AppData\Local\Temp\1144223bc93adc16d14db31413e388e0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30059.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
        8⤵
        Executes dropped EXE
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44323.exe
        10⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64546.exe
        10⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        10⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        10⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        9⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
        9⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        8⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        9⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
        9⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
        9⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        8⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
        8⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
        8⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
        8⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        9⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
        9⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        8⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        8⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        7⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        9⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
        10⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
        10⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        9⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        9⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        9⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        9⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        8⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
        8⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
        8⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51147.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        8⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        8⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35242.exe
        7⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        7⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        7⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39611.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        8⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        7⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        7⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        7⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        6⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        6⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42555.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
        8⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        9⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        9⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        9⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        9⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        8⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        8⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24403.exe
        8⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        7⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        8⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        8⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        7⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        7⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe
        6⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        7⤵
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe
        7⤵
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
        6⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        7⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        7⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65506.exe
        6⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        6⤵
        
        PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        6⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
        8⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        8⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65106.exe
        7⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        7⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        7⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        7⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        7⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        6⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60123.exe
        7⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        7⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        7⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
        6⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
        6⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
        6⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34522.exe
        5⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33443.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        7⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
        7⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2682.exe
        7⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        6⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57395.exe
        6⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        6⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        5⤵
        
        PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
        5⤵
        
        PID:11396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        9⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        9⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        9⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        8⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        8⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        8⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
        7⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28667.exe
        8⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        8⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        8⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        7⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        7⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
        7⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
        6⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        6⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
        8⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        9⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        9⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
        9⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        8⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        8⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9600.exe
        8⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        7⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        7⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        6⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        7⤵
        
        PID:15664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41106.exe
        6⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47387.exe
        6⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        7⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        7⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        6⤵
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        6⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        6⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
        6⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        5⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        6⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        8⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        8⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21962.exe
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        7⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        7⤵
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
        7⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        7⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        6⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
        7⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40739.exe
        6⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        5⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        7⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
        6⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
        7⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        6⤵
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15792.exe
        5⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
        6⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        5⤵
        
        PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        5⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        6⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2410.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        8⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        8⤵
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58314.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        7⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        7⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
        7⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        6⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        6⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        7⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
        7⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48314.exe
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        6⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61474.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40739.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-386.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        6⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23320.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        5⤵
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
        5⤵
        
        PID:15760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57282.exe
      4⤵
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        5⤵
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5570.exe
      4⤵
      PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
      4⤵
      PID:5200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        7⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64987.exe
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        9⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8225.exe
        8⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63585.exe
        8⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19082.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        7⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        8⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
        8⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41106.exe
        7⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3130.exe
        7⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6945.exe
        6⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        7⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3674.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        8⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        7⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        7⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        7⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
        6⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        7⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        7⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        7⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        7⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        6⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6265.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        8⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        8⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
        8⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        7⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56978.exe
        7⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        7⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        6⤵
        
        PID:13904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        6⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        7⤵
        
        PID:14132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
        6⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47914.exe
        6⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        6⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10530.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        6⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7058.exe
        5⤵
        
        PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10282.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        8⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe
        7⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        7⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        7⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        6⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
        6⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        6⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
        6⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58994.exe
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
        7⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5241.exe
        6⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
        6⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        6⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9697.exe
        6⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
        5⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57618.exe
        5⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        5⤵
        
        PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10282.exe
        5⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39611.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        7⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe
        6⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        6⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        6⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43289.exe
        5⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55906.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        5⤵
        
        PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47003.exe
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52331.exe
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        6⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        5⤵
        
        PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        5⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2059.exe
        5⤵
        
        PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39241.exe
      4⤵
      PID:9612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
      4⤵
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
      4⤵
      PID:15736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        6⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        8⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
        8⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8433.exe
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        7⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63458.exe
        6⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41106.exe
        6⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
        5⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
        7⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        6⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13898.exe
        6⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        6⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49154.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        5⤵
        
        PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        6⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
        6⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65146.exe
        5⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
        5⤵
        
        PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        5⤵
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41748.exe
        6⤵
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33241.exe
        5⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        5⤵
        
        PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
      4⤵
      PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
      4⤵
      PID:14412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
      4⤵
      PID:14624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
      4⤵
      PID:8952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34427.exe
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50459.exe
        6⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        5⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        5⤵
        
        PID:15820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        5⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        5⤵
        
        PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45994.exe
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
      4⤵
      PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
      4⤵
      PID:7120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        6⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        6⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
        5⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        5⤵
        
        PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
      4⤵
      PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58577.exe
      4⤵
      PID:9700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
      4⤵
      PID:12744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
      4⤵
      PID:12472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
    3⤵
    PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
        5⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        5⤵
        
        PID:16788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
      4⤵
      PID:9760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
      4⤵
      PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
      4⤵
      PID:4116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
    3⤵
    PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
      4⤵
      PID:5324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
    3⤵
    PID:9292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37345.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
    3⤵
    PID:7448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43987.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        8⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        9⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31897.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1889.exe
        8⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        8⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13234.exe
        8⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        7⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        8⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41481.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
        7⤵
        
        PID:15800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35275.exe
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        7⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-816.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        7⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        6⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
        7⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14369.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65506.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33313.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        6⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        5⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        7⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32849.exe
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        7⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8433.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        6⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23962.exe
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
        6⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        7⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        5⤵
        
        PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        5⤵
        
        PID:7364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42379.exe
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        8⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        8⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        8⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        7⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14882.exe
        7⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23385.exe
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57219.exe
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        7⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32929.exe
        6⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40931.exe
        6⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        7⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
        7⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
        6⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41123.exe
        6⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        6⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23249.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        5⤵
        
        PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53934.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        7⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16720.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        7⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58961.exe
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        6⤵
        
        PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        6⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
        6⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        5⤵
        
        PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51147.exe
        5⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        5⤵
        
        PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51537.exe
      4⤵
      PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24202.exe
        5⤵
        
        PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
      4⤵
      PID:11476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
      4⤵
      PID:11296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:64
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54979.exe
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
        8⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        7⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
        7⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        7⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        7⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        7⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        6⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41481.exe
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
        6⤵
        
        PID:15960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47387.exe
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
        7⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        6⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37121.exe
        5⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe
        6⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7256.exe
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        5⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7162.exe
        5⤵
        
        PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        5⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
        6⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8592.exe
        5⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        5⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        5⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
        5⤵
        
        PID:10024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        5⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        6⤵
        
        PID:14196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        6⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42729.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        5⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48898.exe
        5⤵
        
        PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
      4⤵
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12873.exe
        5⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2075.exe
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57322.exe
      4⤵
      PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
      4⤵
      PID:1520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33531.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49786.exe
        6⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18557.exe
        6⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        6⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
        5⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        5⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        5⤵
        
        PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9538.exe
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe
        6⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        5⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40746.exe
        5⤵
        
        PID:16768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
      4⤵
      PID:8212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
      4⤵
      PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57578.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        5⤵
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17281.exe
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        5⤵
        
        PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
      4⤵
      PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        5⤵
        
        PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
      4⤵
      PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
      4⤵
      PID:13772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
    3⤵
    PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
      4⤵
      PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33275.exe
        5⤵
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        5⤵
        
        PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63098.exe
      4⤵
      PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16320.exe
      4⤵
      PID:13764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe
      4⤵
      PID:392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
      4⤵
      PID:15596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
    3⤵
    PID:7676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
    3⤵
    PID:11216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
    3⤵
    PID:15176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
    3⤵
    PID:7824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58035.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10578.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        8⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45418.exe
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58314.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        7⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        6⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        6⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
        7⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36460.exe
        7⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
        6⤵
        
        PID:16796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45984.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
        6⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49786.exe
        6⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        6⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2377.exe
        5⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        5⤵
        
        PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39611.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64842.exe
        5⤵
        
        PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60202.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
      4⤵
      PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
      4⤵
      PID:7232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        7⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
        6⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        6⤵
        
        PID:13296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        6⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        5⤵
        
        PID:7160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 496
        6⤵
        Program crash
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        5⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        5⤵
        
        PID:11304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        6⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        5⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        5⤵
        
        PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
      4⤵
      PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20721.exe
      4⤵
      PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
      4⤵
      PID:15308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
      4⤵
      PID:6864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4209.exe
        5⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
        5⤵
        
        PID:13136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
      4⤵
      PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
      4⤵
      PID:11632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
      4⤵
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3130.exe
      4⤵
      PID:8928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28850.exe
    3⤵
    PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
      4⤵
      PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        5⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        5⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        5⤵
        
        PID:9404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
      4⤵
      PID:9548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
      4⤵
      PID:5660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
    3⤵
    PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
      4⤵
      PID:6800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
    3⤵
    PID:9556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
    3⤵
    PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
    3⤵
    PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
    3⤵
    PID:15680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42851.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36731.exe
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe
        7⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
        5⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        5⤵
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        5⤵
        
        PID:15920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
      4⤵
      PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        5⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        5⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        5⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
      4⤵
      PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
      4⤵
      PID:6128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
      4⤵
      PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
      4⤵
      PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
      4⤵
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
      4⤵
      PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
    3⤵
    PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
      4⤵
      PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
      4⤵
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
      4⤵
      PID:14720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe
      4⤵
      PID:15808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
    3⤵
    PID:7908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
      4⤵
      PID:7256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
    3⤵
    PID:8260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64066.exe
    3⤵
    PID:15292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
    3⤵
    PID:1440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
    3⤵
    PID:14256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47387.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        6⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        5⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        5⤵
        
        PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59627.exe
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        5⤵
        
        PID:10096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
      4⤵
      PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
      4⤵
      PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
      4⤵
      PID:7356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
      4⤵
      PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
        5⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        5⤵
        
        PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
      4⤵
      PID:9640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58314.exe
      4⤵
      PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
      4⤵
      PID:5212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
    3⤵
    PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
      4⤵
      PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11571.exe
      4⤵
      PID:3744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65506.exe
    3⤵
    PID:8320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
    3⤵
    PID:13852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-666.exe
    3⤵
    PID:5256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
    3⤵
    PID:5828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
    3⤵
    PID:7660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
    3⤵
    PID:11188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
    3⤵
    PID:15184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
    3⤵
    PID:7408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
  2⤵
  PID:1540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
    3⤵
    PID:8384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
    3⤵
    PID:12024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
    3⤵
    PID:5332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
  2⤵
  PID:7700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
  2⤵
  PID:11200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
  2⤵
  PID:15160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
  2⤵
  PID:3760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
  2⤵
  PID:13948

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:3200

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe

Filesize
468KB

MD5
e75511b217fab3aef80cd42a356b895c

SHA1
cb650351d1b55e9ea85fe19bc98b207de13a8d6e

SHA256
9117bd9ab849b8174ee31de19d1918aa7c10a2d7715a5482875f23dff6a7a610

SHA512
46d82b0a0d402dbd34212bcf6d189b5202c8db0f48dc8442fc9d08baae111229307c0228b9980835242318e11c0e98d239c85c583ee707c7dc3a40839023f7f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe

Filesize
468KB

MD5
15268447297991b3f8b14203009dba95

SHA1
45c860cc5032a9568eaa3fa9af157fb1f2a13242

SHA256
b4b7e29f06a220d7a935135a19897a99b017f243155f2758da6d9e446e5f9c9f

SHA512
d7e8e39ac7daa9a1c02ad9d7bb8d9f07102d554a98d1f376ef640f21de8c083b1de20349525606e216602a4b4fa3db5f9f27fc3e96814b5b947ff0a9b4fdc039

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe

Filesize
468KB

MD5
22085f727944e8662922ce3328e85c65

SHA1
3f5057ff86f3b6d968742d035ce67dc0e6b7e55c

SHA256
d16620b21cc279fcd2f050433cb824c53ba4d9fcd1f83bbee4bd417251ace517

SHA512
26e37278f4f96eec9a1b0dfac93d97e75d641093ff8020e67ac1d7f3a680a77555ba9feb8b00402ca33ddfad2e454d4d82262166a2c3454608f5eef27797c656

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe

Filesize
468KB

MD5
8cfa72e70c7a6f7586364c35d318d719

SHA1
2860cbcbd71982666e2a0afeabaa3d3d31a59e86

SHA256
9d96ad6afff0236495ddd818bf69c3bbf9b6a3fd71d343f65dfeb0eaf5643ed6

SHA512
53bdf5767b515ec94f6636e0e5c43f852698e2c7ecd67a88c154aa5d8924922ac3bc53959951c7e5e9a521b8cacc2c7cb70ef836060f1827d6342fdc707011ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe

Filesize
468KB

MD5
d0441f04f7c08ef9a063622fc75b66d9

SHA1
6b6fa29f9a93dd136a8643bb9bb274aedc2d5a89

SHA256
3d423d937e4accc6a4061866c1c14cd71c75552efca8a579cfd06475b4509b0d

SHA512
7b33c2d2acfa65a318c790b5a6237801e1c8a95301e880f2b8053d349e70d3f9488e52aadc7398821d2282dc4138e8d0a7366206baa442f57cf376baaeae4125

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe

Filesize
468KB

MD5
b30f94d70e17aa5ff90cb5762f7ae16e

SHA1
47e430eaba08f88fd86b5beb4d8a5fecf4525c8a

SHA256
7d21e98b43ae8013614a646168dea8d56ee428cd026e729b4b0540f6f2e3be6d

SHA512
601285a65a98e56cb00f4dac3b06e8703c53ad0e953e52fbd7abdfdcc8211785d0ae0b824c7015d1b179ecc0b3ec8b8231faaa60bf453226c6e9dbc30e5e48ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe

Filesize
468KB

MD5
3ca2901e22a5893486e0a0e86d090f1f

SHA1
5c7ddb10b3e8d828f0095cce37e6a4baf53e80fd

SHA256
faf0635a7a0c37d57e00ecb8a191c58ad7437643b3b918c3e2c2ae38a6541ef6

SHA512
b6ea5b85dd3ae7e2ccb084b17f9af59825e42eabea11acfcc1f66449c388a826ef7bfa842928b2b373e6bf270a777dae84dc34ec717aaa8d9ecf2aba9deda70a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe

Filesize
468KB

MD5
c95e753762528b70b581e59668a155dd

SHA1
0a3a61f0f25a322ec7047d47244c4337cd9cbc3b

SHA256
f24ea594724369c1f247a27b466ccd573e89d5bfa53b4a8145bdd172ab4a9fec

SHA512
79f04e77190c9a791c1a4926c69b374f360f228ba41d6fa1281ec7c0b95458e48d9b94d6c7e8f7094ede07e91050ca60e370af142d256058ef09efac37c9a003

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe

Filesize
468KB

MD5
54b063a1a5d37bc22b7c10c227ca8b2a

SHA1
bc1a996137a7cc54fb6b2d1b78bd2ba96df0723d

SHA256
c7fa532e7c98fbb6028d039aa618a1f55f2f9ce0df33f4a2b84db9b5ba555524

SHA512
f63a1a580f5d2e1f527226584412e521d69da2a09dfe2124023e234ded0873bec8d08fda04871a37b65aff7c793998ade79c151bcf58963c4d750ef14e6d94ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe

Filesize
468KB

MD5
93390e4d3b80197f0d7ce420cf70d856

SHA1
d819bb4f4ae3b88f908409e53cb601022facc8f9

SHA256
8c427f8c9954467f324f7ad4c143c143b5a1f3b9b88a24cf7de005bfa8925806

SHA512
e00d403fdbe1d17f617f6687549e695f6eb2365cf55330d85e0c53afbecdb813a89fe9dbf23fc6c69840e77eb5fdcfa8eee1907f7d735ccf48844db1f2dc2ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe

Filesize
468KB

MD5
8540ae5f74d30e29277f2e02c3ff9afb

SHA1
fa236d2c94e101161f208b5062c693cdd759eaaa

SHA256
3b2333ae084f6d708386bd6e0a5d23971a714a9548471f0b63406eb84b70e59b

SHA512
274c5f3f2a2b3ebf160fe77571e2acf076b6d5fd382f6ccd3e7c41d09ad7f417619219d3774b7a32f7c7311d1c46a0be3f9bf82110e4b152581cbb95c48d624f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe

Filesize
468KB

MD5
912c36dc5bd385342a4c8af9f223edcc

SHA1
ac006fd04789a0c13ba3a4d0e08d4dedb9ceedaf

SHA256
f534ee38de781596166a15e0d29d83a05ccac18c1b31612c8e52e31408a21052

SHA512
cea0c609532f915d21d0472a66d47ca791d6e6ec457f5686659b09a9be6585413eb61c31ff148cf2b5aad358d63e03dc367d524d371f16a14ebb01467d8e97fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30059.exe

Filesize
468KB

MD5
819533c874efac67135bf487892c3cdf

SHA1
dc9bdf00e08af72736fd2a1559823698374f0c19

SHA256
fe7143645cc3717d61833d6c7c6fda3212081e85e3adf1b26dd2bd2e261a198a

SHA512
ed3e48c0b886b2d60ad6fd4ae4878fcff1afc7d0faf9cae445584fee5dd873d20d4e7dc10ece2957572f51c952ac207d6175222dac37283a5550328b50df9ed0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe

Filesize
468KB

MD5
b5736202e9bed28c058fbe8fc78df2a5

SHA1
f7ad339c889569478b5e9d9d75be91fcfdbc07d7

SHA256
715f1394f861498b34d243e5cfac1e52b6ccc92bc6665dc1468f9c7ac4083847

SHA512
db077446d9d33575288509436f9e7e1d20a683b4cad316f96c2907ee9ab93b29e341a48b6e510a2e89d066ca43e2de5bca8f439cb01bd06fb72d303a172827be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe

Filesize
468KB

MD5
06e4c4d9971004f79595c1182c659f92

SHA1
3715880b8dd44ae82ffae346f286e3d2a7af6c0e

SHA256
14ddb8e403d7234b5f5a550168172b12ecd97a09e7e3ef2f99b7332f72feb1d3

SHA512
76923977a6ba9c5693594339818658b91632ee7482e7a3e0cf0c401cb6a6fe79c6906aa8e842efd675c3b9be0add76e6f12872bd4b9b3e5f64f003ba68c8b70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe

Filesize
468KB

MD5
ccd35b6e452769a2c303fb7a99284a37

SHA1
73a614b50716e5bdcf7924072c4d59cb22a380ec

SHA256
dc9b18c3c8783771035e8acd6539a00ccccf0f3c2108b7af2bc67614d38972a0

SHA512
3dd05247df1b1f0e1d6f0ce9d57c9b20c068605560ff77bf8fb285a9cc1de2de6d142a044f174b027cca218f0edb0f25a5747b936f71b5f6340fb921dd030b19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe

Filesize
468KB

MD5
ceda761f7a69c157d7fc4e98dbe49c2e

SHA1
e39fe52e3bf6ea69f16ebbb6edb23c1626828136

SHA256
4fe0738303477e40a09a75fb0bef72ed7bb6c3205e6d9b32a3b3617817693c84

SHA512
1017d3190013f40fbd2ede2708f0b2bc02bdfd5a170b2e68539483eed1d421202f99e83220f3c1792749d7fb0e694669090bd4bd6839f7125f2dc34cace3759e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe

Filesize
468KB

MD5
a57de056a618f0633bbce6231cf57022

SHA1
8c29a5eb15f17046b9854f9ba078ba762e1b4a6c

SHA256
836f83257333b3e33fc75eb609fb6c7a76f917db6d15f4217d257e9b0f74b489

SHA512
ae0af1bc7b58488a303c111662da7f815a4e4608ff728a887e5e5cc1f0ef4ab5bff40c1729ab4a7d6900ff6f3a9bd2f1296424f3cc1c8ef3d2f54b1063819193

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe

Filesize
468KB

MD5
cb23e183362fe75ea6e1b882d3fbfa5b

SHA1
764707c6d1fe157bb4daaa898a1aba980c885737

SHA256
5c46964993f70af1276fe30dec7500a6c53df39dbf5bf95f2cd2ec6177b5b32e

SHA512
5afb1eb205959fb4adf237eb24396e9c1b52f03db0616490bb62783dd2c84b30e9c9734d0c21a3a61a3a4462ffc10129f4711835dda2296402d8cd5725f46dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe

Filesize
468KB

MD5
2bb3caec2a5b3d414a4681a95e48b7a6

SHA1
39f9e0375b62e5b58fbc66544cd92aada3bc6d42

SHA256
15baf8fdabe76bdb7c9b6ea434267794d5241457505e23f4ddfbfb7aa21da5a0

SHA512
9e68ea8227e524f0888e9744a69c4ce6cf0572bf539c7e58f7357bc7c5961ce46eb54a3a54bf3a3f105e833d542b61260e96502438721331d0e681647203addd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43987.exe

Filesize
468KB

MD5
e00faedde005aeeef5ea94d60276edac

SHA1
7a6d5b16e25644f19e464d01d4c7bc4538064bf8

SHA256
d47825d7659c023f7fa674e1cd7d8b3bd9b255bfaafb2e940a342af9b6dd4bed

SHA512
2f5207fadc2871a61b5948baf8cd2c56f14706b2656fb4d43becd95ca9ed72ea71d88a496e06779a2ea67b79d97deb8423a14b0ea79f9a162485aba157530181

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44323.exe

Filesize
468KB

MD5
3dfff0c480bbc9dc740bfd78c72020c1

SHA1
775d422c38ea6d273001ee66901faffb6a6f1324

SHA256
84d9734889f4dfe195ca5ed54cf5a57967ba4b80b07675b08c6766021a7387cc

SHA512
de365ecd76a33b6414af1f2f002131ebe831e029f6dcfcb21ddf2b4c5fbaa7c24276486fb80a5b64a96ee7972ddc0ed624c56179fff9786213f14e4c8bb4b124

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe

Filesize
468KB

MD5
d44636999afe571d4ca3dc58963fefad

SHA1
07848253b0de61dc2fdea1f2c050ffa27edb778f

SHA256
aab094b475c8f473f7c978e5bf4da6478e052dc3a67332b43211ee69d3229a2f

SHA512
b345b8816c348773aa65349408d7b9f587d8605eb518062115cae95ee983d82be7c936f1674dc4bece7dde9d55a29805aedc849c2cba3dc29af25ee8923cb2f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe

Filesize
468KB

MD5
b1888fc93aeb090463e6bad4823d6a7f

SHA1
4210cc8a18522b1720fc5e2f9660807ea97408b2

SHA256
192a11f900ab74e6cfb5aae178495457b8643b39f33af62cf48ef8760ccdbf21

SHA512
e02a382a166fdd93b813cee4fa01a55d6a84f561b729bde8f9ea2be230bc0e8581ef43e752e39306a0ada28c348d690434b9f5c42e10b1ecdff0967a3a3a0c3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe

Filesize
468KB

MD5
5519a0ff34bd918be55a88b04db15db0

SHA1
631fab2082108c9c95f8572f93e80352a42c497a

SHA256
a1de4e8aed75a7182ee6cb8537d4f11fd1181affb67a54e5cea36d51a842dea3

SHA512
51010f92a34813c01f900b416868062a881949454e0af72d1f919e817ec481e1e1d04ed6a9b792aed0a000e9959ec27b09f623d3aee5b4192bb779bc8d24942c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55266.exe

Filesize
468KB

MD5
368c172b42faf085d0f469c563c233de

SHA1
e6f84387e5c95fbdb7aa03bd7a4b780889f355fe

SHA256
304f62f9085e5eb4a2236e480f8071ecb2bc6bf9cf72a89f621c4c8f1aa10148

SHA512
82864c5752a30b4031b6fc6989cde8ecc051e081a34c35aeec2f00d50323ecb22d980afff3bac2277410f50432bfa0d7d2b50af7c1bd1a0d7a8ef5f2eb248997

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe

Filesize
468KB

MD5
821b5069e32718ba8c02f3e6351cf6dd

SHA1
5c23217b5b5fc46a566b4c212a18049560a8545d

SHA256
b3950773c568103fc67bbb8ea6b503948f09dc39d346df00e9b9ca9ee09a47aa

SHA512
1bef3e457a4629188b2dcc32267323ff630fc29755ba4d72bb784a78aa208f3648508c96d6081b9243b6e6737dd598ba0c77c5c3a1d4fdd8d5a08f54f33e9a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe

Filesize
468KB

MD5
ea31a8ff53b766207a0539f69b84b172

SHA1
87eec596bb8ff4994678c54796caca0ac0ec7fa2

SHA256
b13b4340d25e20693beb09881333f2577a6e1f7ea5b2823cd3bc639c4fde8425

SHA512
71d048ff6698abecf4ee9b5b3ae0058dc3c495b282e35d7876ec969c2c0428562e2ce47fea5da798b5cedec807ebb4f03e9eea11b9e9bd095ca3d467976c757d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe

Filesize
468KB

MD5
8d893b972646cd0d778291487d5462fa

SHA1
4efaa3ef0f05f6900140842a13c2a7538929c864

SHA256
3ffb2fced9ff0861057e7dac0db607bf0cade12b903ff55c04e70e04926b98c5

SHA512
d1f12516c81230b43528424e93d9daf3cabb9157fd4238062e0d28679fbbdf49bba297d5cb7effb2c12eda1bbb9bb49b9d6e87ae944115095b63e779d4cabe4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe

Filesize
468KB

MD5
26b018e65bacf487c985558a399fba6c

SHA1
23f6321b606438294c848e026a17f6630e241e88

SHA256
a4625c32ba02f830bc0edd83e569185edc18b4dd391509f6e08b44215909f2c1

SHA512
7edeefe7c2d4633cc4b5b7e39a3d0e27d8096625c53c7c6c91a1bb86d6cb07ab86ae74465f540c6f95e30009e8317e183a1bf21cef20ffead75d3c34911c29e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe

Filesize
468KB

MD5
8d863a78f6591a0145670e1919704bfd

SHA1
4b538fb311ffaea6ce0439d9fd6bc69dd0d9f994

SHA256
cc6859cb9c3317643cd09db1d9be0232825db5e459984c92a9828963ad876517

SHA512
d7879f0b41a9e40272b2b92236359d59f6b25729e3ed53abd511efc5bf3333253669be1bfe6bafe0d98d1cab2ad4f93729079607891b88ad93e7f61560948acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe

Filesize
468KB

MD5
724f61929874230ee9ca456ef097cab6

SHA1
8ecba00581ddc49d70caceb46cea7f9b13f628e1

SHA256
07223fe5831ef8a605f8ee3c2ca3fa03246a2ec5f6b9b932af7384fb0bc39a4c

SHA512
cd030dc69edc060b07ca1f9f884b0517cd57a63abcd0e42077c9441b728c8b520b06d86c3b02250116640ba9c2dd1e8ecd5ce14aa5c331076799bb96f711494e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe

Filesize
468KB

MD5
cc22c44ddba4275d0ea19c9dc010dff9

SHA1
f05687c08157d47708fe17b730686ffec9a03c26

SHA256
9e4bbcdde2c8971258433b5125ebc1a17abb719b60149775ff411728ff3e819e

SHA512
2dc00e9f450e3f6b196f3fa04ae98f0c6b54a0f8bd131a5baeb80c7b18db5ef4d373003793d39f7ef8412a55670b477ad592c1ca57343fd44ce338c5a5f55fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe

Filesize
468KB

MD5
0501f886ade531aa355f1b80ffde53a2

SHA1
2dd319d25553065ccb8775503b554aa4b46790e4

SHA256
54852fac87919d02f6285aa161c0bd81bd13bb89d43d0afde0f0c0b4a6fc7a15

SHA512
6a8b5845d10192d499be78d6692720847714cbdddc940fc971777717a67d9676fc87258a42e0a1094d393b0ebd06f2c929415852e687b6b0ec3890f5c7630e9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7393.exe

Filesize
468KB

MD5
8a7d8eb1a9650b4290a7c5dcc55b2b71

SHA1
cb1700543648fb94fac6ea60b62317b524355b50

SHA256
ed4044421f68059845bbd31c8381cb6ad80b405dcd3a727a4b6704f432c17a83

SHA512
aac48cd7b7d054b41ae2e137564a39d3e4433fcf7e29c11df56fb11382142ce60f1ed28fba3380ea1e73b816f10d3fa8d35f20146f210f550b3846e0b7dbd568

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe

Filesize
468KB

MD5
955d14a45db76d107797a4922f26b53f

SHA1
f9595baa1863ff3ef29235105d080ffdd678605e

SHA256
fb12ed7e66de870463633dcd4e2f011637b5fe38f6488dda483289f2758016a5

SHA512
b7b03083da6e5ada2273ae189091825ce7166f85f7c4a9b9a5e9b1f3c8735c6d0ab623812d526604d2489fe341bcbd223b53311b33e87d0a3afe2736556b39ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9233.exe

Filesize
468KB

MD5
a38cec43279562a5bc7b834374136856

SHA1
7a57485ce0abfdbee0cec9b554f3028fa13d90e9

SHA256
ad698cd4aa04b1b80a285a91e3909af8510f4e7f1aaa36a6ce9465c139b721e3

SHA512
f530fabc6f6538fdc91a7294d55ecc39c8ba0707f0c4cc2ab282fd8ab4c0f4d7b6744a861c213b3f41fde33ea2470fb99ec6845b28c5be9f143a152716ef74cf

Download Submit
memory/64-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/208-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/388-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/664-110-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/744-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/828-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/872-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/884-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/952-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1000-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1040-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1056-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1104-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1200-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1240-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1316-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1460-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1500-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1512-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1544-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1588-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1644-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1696-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1712-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1732-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1772-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1852-127-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1920-146-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2112-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2288-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2300-77-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2456-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2548-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2608-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2740-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2756-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2784-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2860-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2880-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2988-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3036-116-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3084-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3128-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3196-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3236-193-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3280-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3368-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3468-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3480-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3496-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3516-289-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3648-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3648-3640-0x0000000076CE0000-0x0000000076D55000-memory.dmp

Filesize
468KB

Download
memory/3720-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3760-3949-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3988-139-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4000-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4004-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4088-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4152-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4272-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4476-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4628-423-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4712-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4740-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4752-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4772-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4812-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4912-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4948-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4976-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5044-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5072-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5104-3329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5128-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5140-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5164-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5236-3445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5388-468-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5400-474-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5552-591-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5564-592-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5572-593-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5580-594-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5604-595-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5624-596-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5696-599-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5732-600-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5752-601-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5760-602-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5780-615-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5788-614-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5828-620-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5852-621-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14156-2542-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14256-3543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14752-3946-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14948-4049-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads