32f131138434c3714d9164d2ef95347efef89f20491fa0cc79b5cae9049d8135

Analysis

max time kernel
120s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfff9097367063373065a6b56da24630N.exe
Size

468KB
MD5

dfff9097367063373065a6b56da24630
SHA1

1d7c6921a1e702323524bf2e243ee1878c9053cc
SHA256

32f131138434c3714d9164d2ef95347efef89f20491fa0cc79b5cae9049d8135
SHA512

f61d0d2db61e02d0ec849f11118bf3d8afbf4a0f4dbcfc6c048d7a50b64d559a435704b804921b796b89f04db3068a0de2c13b320a696c47c9d69bade5040ed9
SSDEEP

3072:WAblogudjx8v2bYwPzN38J5EChjWIpzEmHevVpUVAY3UH+0DQlu:WABoFyv2HPR38Js06cVAG2+0D

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
5420	Unicorn-46067.exe
3308	Unicorn-59746.exe
5204	Unicorn-24613.exe
2236	Unicorn-31599.exe
3372	Unicorn-31599.exe
1224	Unicorn-65018.exe
4960	Unicorn-13216.exe
1764	Unicorn-20162.exe
4392	Unicorn-25315.exe
1268	Unicorn-62818.exe
5176	Unicorn-54650.exe
3576	Unicorn-37567.exe
3096	Unicorn-26010.exe
1460	Unicorn-31436.exe
4208	Unicorn-37567.exe
5236	Unicorn-56783.exe
5624	Unicorn-48485.exe
4600	Unicorn-52891.exe
1456	Unicorn-4328.exe
3344	Unicorn-21371.exe
1984	Unicorn-60165.exe
2592	Unicorn-62211.exe
4916	Unicorn-758.exe
5412	Unicorn-11864.exe
5656	Unicorn-41791.exe
2492	Unicorn-58298.exe
5776	Unicorn-17679.exe
4572	Unicorn-32782.exe
3608	Unicorn-28963.exe
4636	Unicorn-63519.exe
3584	Unicorn-14873.exe
1284	Unicorn-3026.exe
2708	Unicorn-53388.exe
1520	Unicorn-31807.exe
2240	Unicorn-60566.exe
4580	Unicorn-46498.exe
4480	Unicorn-62049.exe
5748	Unicorn-31785.exe
4844	Unicorn-46498.exe
4304	Unicorn-61718.exe
1324	Unicorn-54156.exe
5308	Unicorn-56503.exe
1916	Unicorn-14785.exe
4168	Unicorn-4157.exe
4780	Unicorn-47458.exe
4828	Unicorn-24023.exe
5296	Unicorn-52611.exe
5088	Unicorn-65055.exe
2380	Unicorn-36275.exe
2456	Unicorn-46150.exe
6108	Unicorn-12730.exe
5180	Unicorn-12465.exe
3588	Unicorn-35396.exe
5360	Unicorn-59885.exe
3012	Unicorn-57085.exe
2216	Unicorn-48153.exe
1388	Unicorn-16985.exe
5200	Unicorn-49186.exe
3484	Unicorn-30389.exe
2356	Unicorn-28958.exe
2812	Unicorn-17775.exe
4216	Unicorn-48401.exe
2824	Unicorn-49549.exe
6016	Unicorn-61246.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
3304	3608	WerFault.exe	120
2540	228	WerFault.exe	168
16192	12960	WerFault.exe	665

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20943.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4408	dwm.exe
Token: SeChangeNotifyPrivilege	4408	dwm.exe
Token: 33	4408	dwm.exe
Token: SeIncBasePriorityPrivilege	4408	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3844	dfff9097367063373065a6b56da24630N.exe
5420	Unicorn-46067.exe
3308	Unicorn-59746.exe
5204	Unicorn-24613.exe
2236	Unicorn-31599.exe
3372	Unicorn-31599.exe
1224	Unicorn-65018.exe
4960	Unicorn-13216.exe
1764	Unicorn-20162.exe
4392	Unicorn-25315.exe
1268	Unicorn-62818.exe
1460	Unicorn-31436.exe
5176	Unicorn-54650.exe
4208	Unicorn-37567.exe
3576	Unicorn-37567.exe
3096	Unicorn-26010.exe
5236	Unicorn-56783.exe
5624	Unicorn-48485.exe
4600	Unicorn-52891.exe
1456	Unicorn-4328.exe
3344	Unicorn-21371.exe
4916	Unicorn-758.exe
2592	Unicorn-62211.exe
1984	Unicorn-60165.exe
3608	Unicorn-28963.exe
4572	Unicorn-32782.exe
5412	Unicorn-11864.exe
2492	Unicorn-58298.exe
5656	Unicorn-41791.exe
5776	Unicorn-17679.exe
4636	Unicorn-63519.exe
3584	Unicorn-14873.exe
1284	Unicorn-3026.exe
2708	Unicorn-53388.exe
1520	Unicorn-31807.exe
2240	Unicorn-60566.exe
5748	Unicorn-31785.exe
4580	Unicorn-46498.exe
4844	Unicorn-46498.exe
4480	Unicorn-62049.exe
4304	Unicorn-61718.exe
1324	Unicorn-54156.exe
5296	Unicorn-52611.exe
4168	Unicorn-4157.exe
1916	Unicorn-14785.exe
4828	Unicorn-24023.exe
2380	Unicorn-36275.exe
5088	Unicorn-65055.exe
4780	Unicorn-47458.exe
2456	Unicorn-46150.exe
3012	Unicorn-57085.exe
3588	Unicorn-35396.exe
6108	Unicorn-12730.exe
2216	Unicorn-48153.exe
5180	Unicorn-12465.exe
5360	Unicorn-59885.exe
1388	Unicorn-16985.exe
5200	Unicorn-49186.exe
2356	Unicorn-28958.exe
2824	Unicorn-49549.exe
3484	Unicorn-30389.exe
4216	Unicorn-48401.exe
2812	Unicorn-17775.exe
2164	Unicorn-63062.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3844 wrote to memory of 5420	3844	dfff9097367063373065a6b56da24630N.exe	87
PID 3844 wrote to memory of 5420	3844	dfff9097367063373065a6b56da24630N.exe	87
PID 3844 wrote to memory of 5420	3844	dfff9097367063373065a6b56da24630N.exe	87
PID 5420 wrote to memory of 3308	5420	Unicorn-46067.exe	88
PID 5420 wrote to memory of 3308	5420	Unicorn-46067.exe	88
PID 5420 wrote to memory of 3308	5420	Unicorn-46067.exe	88
PID 3844 wrote to memory of 5204	3844	dfff9097367063373065a6b56da24630N.exe	89
PID 3844 wrote to memory of 5204	3844	dfff9097367063373065a6b56da24630N.exe	89
PID 3844 wrote to memory of 5204	3844	dfff9097367063373065a6b56da24630N.exe	89
PID 5204 wrote to memory of 3372	5204	Unicorn-24613.exe	92
PID 3308 wrote to memory of 2236	3308	Unicorn-59746.exe	93
PID 5204 wrote to memory of 3372	5204	Unicorn-24613.exe	92
PID 3308 wrote to memory of 2236	3308	Unicorn-59746.exe	93
PID 5204 wrote to memory of 3372	5204	Unicorn-24613.exe	92
PID 3308 wrote to memory of 2236	3308	Unicorn-59746.exe	93
PID 5420 wrote to memory of 1224	5420	Unicorn-46067.exe	95
PID 5420 wrote to memory of 1224	5420	Unicorn-46067.exe	95
PID 5420 wrote to memory of 1224	5420	Unicorn-46067.exe	95
PID 3844 wrote to memory of 4960	3844	dfff9097367063373065a6b56da24630N.exe	94
PID 3844 wrote to memory of 4960	3844	dfff9097367063373065a6b56da24630N.exe	94
PID 3844 wrote to memory of 4960	3844	dfff9097367063373065a6b56da24630N.exe	94
PID 2236 wrote to memory of 1764	2236	Unicorn-31599.exe	98
PID 2236 wrote to memory of 1764	2236	Unicorn-31599.exe	98
PID 2236 wrote to memory of 1764	2236	Unicorn-31599.exe	98
PID 3372 wrote to memory of 4392	3372	Unicorn-31599.exe	99
PID 3372 wrote to memory of 4392	3372	Unicorn-31599.exe	99
PID 3372 wrote to memory of 4392	3372	Unicorn-31599.exe	99
PID 3308 wrote to memory of 1268	3308	Unicorn-59746.exe	100
PID 3308 wrote to memory of 1268	3308	Unicorn-59746.exe	100
PID 3308 wrote to memory of 1268	3308	Unicorn-59746.exe	100
PID 5204 wrote to memory of 5176	5204	Unicorn-24613.exe	101
PID 5204 wrote to memory of 5176	5204	Unicorn-24613.exe	101
PID 5204 wrote to memory of 5176	5204	Unicorn-24613.exe	101
PID 4960 wrote to memory of 3576	4960	Unicorn-13216.exe	103
PID 4960 wrote to memory of 3576	4960	Unicorn-13216.exe	103
PID 4960 wrote to memory of 3576	4960	Unicorn-13216.exe	103
PID 3844 wrote to memory of 3096	3844	dfff9097367063373065a6b56da24630N.exe	106
PID 3844 wrote to memory of 3096	3844	dfff9097367063373065a6b56da24630N.exe	106
PID 3844 wrote to memory of 3096	3844	dfff9097367063373065a6b56da24630N.exe	106
PID 5420 wrote to memory of 1460	5420	Unicorn-46067.exe	102
PID 5420 wrote to memory of 1460	5420	Unicorn-46067.exe	102
PID 5420 wrote to memory of 1460	5420	Unicorn-46067.exe	102
PID 1224 wrote to memory of 4208	1224	Unicorn-65018.exe	104
PID 1224 wrote to memory of 4208	1224	Unicorn-65018.exe	104
PID 1224 wrote to memory of 4208	1224	Unicorn-65018.exe	104
PID 1764 wrote to memory of 5236	1764	Unicorn-20162.exe	109
PID 1764 wrote to memory of 5236	1764	Unicorn-20162.exe	109
PID 1764 wrote to memory of 5236	1764	Unicorn-20162.exe	109
PID 2236 wrote to memory of 5624	2236	Unicorn-31599.exe	110
PID 2236 wrote to memory of 5624	2236	Unicorn-31599.exe	110
PID 2236 wrote to memory of 5624	2236	Unicorn-31599.exe	110
PID 4392 wrote to memory of 4600	4392	Unicorn-25315.exe	111
PID 4392 wrote to memory of 4600	4392	Unicorn-25315.exe	111
PID 4392 wrote to memory of 4600	4392	Unicorn-25315.exe	111
PID 3372 wrote to memory of 1456	3372	Unicorn-31599.exe	112
PID 3372 wrote to memory of 1456	3372	Unicorn-31599.exe	112
PID 3372 wrote to memory of 1456	3372	Unicorn-31599.exe	112
PID 1268 wrote to memory of 3344	1268	Unicorn-62818.exe	113
PID 1268 wrote to memory of 3344	1268	Unicorn-62818.exe	113
PID 1268 wrote to memory of 3344	1268	Unicorn-62818.exe	113
PID 3308 wrote to memory of 1984	3308	Unicorn-59746.exe	114
PID 3308 wrote to memory of 1984	3308	Unicorn-59746.exe	114
PID 3308 wrote to memory of 1984	3308	Unicorn-59746.exe	114
PID 1460 wrote to memory of 2592	1460	Unicorn-31436.exe	116

C:\Users\Admin\AppData\Local\Temp\dfff9097367063373065a6b56da24630N.exe
"C:\Users\Admin\AppData\Local\Temp\dfff9097367063373065a6b56da24630N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46067.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46067.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63519.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        10⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        11⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5286.exe
        11⤵
        
        PID:19124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        10⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        10⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        9⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        9⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        9⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        9⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        9⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        10⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        10⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
        9⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        9⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
        9⤵
        
        PID:18168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        8⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        8⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        8⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58527.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
        9⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        9⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34149.exe
        9⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
        9⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        8⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        8⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
        8⤵
        
        PID:18364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7472.exe
        7⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        8⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        9⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        9⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        9⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        8⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        8⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        8⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
        8⤵
        
        PID:18036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
        7⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36837.exe
        7⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe
        7⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
        10⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        10⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        9⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        9⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2574.exe
        9⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        8⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        8⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        7⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        8⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        9⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        9⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        9⤵
        
        PID:18072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        8⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        8⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        8⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43788.exe
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        7⤵
        
        PID:18320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
        7⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33883.exe
        8⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
        9⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        9⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        9⤵
        
        PID:19144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        8⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        8⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        8⤵
        
        PID:19136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        7⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        7⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53301.exe
        6⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        8⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        8⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
        8⤵
        
        PID:17952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        7⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        6⤵
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
        6⤵
        
        PID:15904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3026.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        9⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        9⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        9⤵
        
        PID:18332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        8⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        8⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
        8⤵
        
        PID:17684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        8⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        8⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        8⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        8⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
        7⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        7⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        8⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        8⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        7⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
        7⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19942.exe
        8⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
        8⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        8⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        7⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        7⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        7⤵
        
        PID:19152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
        6⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        6⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61246.exe
        6⤵
        Executes dropped EXE
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe
        9⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        9⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        8⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
        8⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        8⤵
        
        PID:19160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        7⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        7⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
        6⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
        7⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
        7⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        7⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        6⤵
        
        PID:15504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
        6⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53690.exe
        5⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35035.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
        7⤵
        
        PID:15492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        6⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58829.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8509.exe
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        6⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23203.exe
        7⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        8⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        9⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        9⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
        9⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
        8⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        8⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26817.exe
        8⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        7⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
        8⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5427.exe
        8⤵
        
        PID:18312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9932.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
        7⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        6⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        8⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
        8⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60056.exe
        7⤵
        
        PID:17700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
        6⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 720
        7⤵
        Program crash
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34467.exe
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5053.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        7⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
        6⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
        7⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
        6⤵
        
        PID:12444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        6⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        5⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        7⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
        7⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        7⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
        6⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
        6⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        7⤵
        
        PID:19168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
        6⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12960 -s 464
        7⤵
        Program crash
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        6⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        5⤵
        
        PID:16840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
        8⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27009.exe
        8⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28012.exe
        8⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        7⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        7⤵
        
        PID:15800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
        6⤵
        
        PID:10852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        5⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        6⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
        6⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39133.exe
        5⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
        5⤵
        
        PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
        5⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
        7⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        7⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28223.exe
        6⤵
        
        PID:16712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        5⤵
        
        PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        6⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        5⤵
        
        PID:10624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        5⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        5⤵
        
        PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
      4⤵
      PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
      4⤵
      PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
      4⤵
      PID:15664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
      4⤵
      PID:15924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17090.exe
        6⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        8⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        9⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        9⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36573.exe
        8⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
        8⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
        8⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
        8⤵
        
        PID:17944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        7⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        7⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        7⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26226.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        6⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
        5⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56254.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        8⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45017.exe
        7⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        7⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        6⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        6⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        6⤵
        
        PID:16272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        6⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        6⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24187.exe
        5⤵
        
        PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        5⤵
        
        PID:13456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
        5⤵
        
        PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
        5⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
        8⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
        7⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        7⤵
        
        PID:14412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        6⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        6⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4910.exe
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        6⤵
        
        PID:18304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        5⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        5⤵
        
        PID:15840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        5⤵
        
        PID:18044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39622.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        5⤵
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        6⤵
        
        PID:18348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
        5⤵
        
        PID:15248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        5⤵
        
        PID:18064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51185.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20345.exe
      4⤵
      PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
      4⤵
      PID:15116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22850.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31436.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65055.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        8⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        8⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        8⤵
        
        PID:18092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        7⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47325.exe
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51504.exe
        7⤵
        
        PID:16956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
        6⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        7⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8690.exe
        7⤵
        
        PID:16856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        6⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        5⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
        6⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5427.exe
        7⤵
        
        PID:18396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
        6⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe
        6⤵
        
        PID:208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        5⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
        6⤵
        
        PID:15932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
        6⤵
        
        PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        5⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16943.exe
        7⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        6⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        5⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61919.exe
        6⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        5⤵
        
        PID:15728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        5⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54687.exe
        5⤵
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe
        6⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        6⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        5⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        5⤵
        
        PID:18000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
      4⤵
      PID:8796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1962.exe
      4⤵
      PID:15644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
      4⤵
      PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32782.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14785.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
        7⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
        7⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        7⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27429.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        6⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        6⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5878.exe
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        6⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60180.exe
        5⤵
        
        PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
      4⤵
      PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35170.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
        6⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32437.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        6⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        5⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
        5⤵
        
        PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
      4⤵
      PID:12112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51438.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
      4⤵
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        6⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        6⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42525.exe
        5⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        5⤵
        
        PID:16864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
      4⤵
      PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53144.exe
        5⤵
        
        PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
      4⤵
      PID:10572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
      4⤵
      PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
      4⤵
      PID:18008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28100.exe
    3⤵
    PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        5⤵
        
        PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3221.exe
      4⤵
      PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
      4⤵
      PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
      4⤵
      PID:18228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42478.exe
    3⤵
    PID:7964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15880.exe
    3⤵
    PID:9880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
    3⤵
    PID:15160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
    3⤵
    PID:2416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25559.exe
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        8⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        9⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        10⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        10⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        9⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        9⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
        9⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        8⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        8⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe
        8⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        8⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        8⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
        9⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
        9⤵
        
        PID:17636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        8⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        8⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        8⤵
        
        PID:18424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22850.exe
        7⤵
        
        PID:15784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24895.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
        10⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        9⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        9⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        9⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
        8⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        8⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        8⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        7⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        7⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        7⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        7⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
        6⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50234.exe
        6⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        6⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        8⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        9⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49158.exe
        9⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        9⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
        8⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        8⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:19208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        7⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        7⤵
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        7⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
        7⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
        6⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
        6⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        5⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5434.exe
        6⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33345.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        7⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:19176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
        6⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        6⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        5⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        6⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
        5⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        6⤵
        
        PID:15832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16653.exe
        5⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
        5⤵
        
        PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        6⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35170.exe
        7⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        8⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36189.exe
        8⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        8⤵
        
        PID:17336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
        7⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        7⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        5⤵
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
        7⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
        6⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        6⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29402.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        5⤵
        
        PID:18052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20360.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27649.exe
        8⤵
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        7⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        7⤵
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        6⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        6⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
        5⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
        5⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        5⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
        6⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43772.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        5⤵
        
        PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
      4⤵
      PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
        5⤵
        
        PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
      4⤵
      PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
      4⤵
      PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
      4⤵
      PID:15960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-758.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        5⤵
        Executes dropped EXE
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23203.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        8⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
        9⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        9⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        8⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        8⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        8⤵
        
        PID:18028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        7⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        7⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63933.exe
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        7⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        7⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        6⤵
        
        PID:17964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        5⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        6⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
        7⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        7⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
        7⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
        6⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21425.exe
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
        5⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        5⤵
        
        PID:18116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        5⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
        7⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        7⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        6⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        6⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18492.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        5⤵
        
        PID:14788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        5⤵
        
        PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
      4⤵
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49407.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        5⤵
        
        PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
      4⤵
      PID:10884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
      4⤵
      PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
      4⤵
      PID:18296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        5⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        6⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
        7⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
        7⤵
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
        6⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
        6⤵
        
        PID:16904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38709.exe
        5⤵
        
        PID:16964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
      4⤵
      PID:348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        5⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        5⤵
        
        PID:17660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
      4⤵
      PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        5⤵
        
        PID:16932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
      4⤵
      PID:11304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53373.exe
      4⤵
      PID:15228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3016.exe
      4⤵
      PID:19184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
      4⤵
      PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        5⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        5⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        5⤵
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
      4⤵
      PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        5⤵
        
        PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
      4⤵
      PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
      4⤵
      PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
      4⤵
      PID:15516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
      4⤵
      PID:15516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
    3⤵
    PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21463.exe
        5⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5427.exe
        5⤵
        
        PID:18272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
      4⤵
      PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
      4⤵
      PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
      4⤵
      PID:18208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
    3⤵
    PID:7664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62040.exe
    3⤵
    PID:11312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:15220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-859.exe
    3⤵
    PID:17364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 488
        5⤵
        Program crash
        
        PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40930.exe
        5⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        6⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        6⤵
        
        PID:15784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        6⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        5⤵
        
        PID:15460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64841.exe
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        5⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        6⤵
        
        PID:16204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19452.exe
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
        5⤵
        
        PID:16916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26794.exe
      4⤵
      PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
      4⤵
      PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
      4⤵
      PID:16832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47458.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        5⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        6⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57975.exe
        7⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
        6⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
        5⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        5⤵
        
        PID:15912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        5⤵
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        5⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4347.exe
        5⤵
        
        PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19200.exe
      4⤵
      PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
      4⤵
      PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
      4⤵
      PID:15024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13475.exe
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        6⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        5⤵
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
      4⤵
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
      4⤵
      PID:10844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
      4⤵
      PID:15240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53301.exe
    3⤵
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
      4⤵
      PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
      4⤵
      PID:10608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
      4⤵
      PID:15344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
      4⤵
      PID:5564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
    3⤵
    PID:11528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
    3⤵
    PID:16896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        5⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        8⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        7⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        7⤵
        
        PID:18020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        6⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        7⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
        6⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        5⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        5⤵
        
        PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        6⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42525.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        5⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        5⤵
        
        PID:15804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
      4⤵
      PID:8152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
      4⤵
      PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
      4⤵
      PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
      4⤵
      PID:15488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
    3⤵
    PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
      4⤵
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        5⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54415.exe
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        6⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        5⤵
        
        PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
      4⤵
      PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
      4⤵
      PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
      4⤵
      PID:14652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
      4⤵
      PID:5408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51438.exe
    3⤵
    PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
      4⤵
      PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        5⤵
        
        PID:14548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
      4⤵
      PID:11592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
      4⤵
      PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15831.exe
      4⤵
      PID:16272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
    3⤵
    PID:8540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
    3⤵
    PID:11816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55247.exe
    3⤵
    PID:15560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
    3⤵
    PID:17172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
      4⤵
      PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55678.exe
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe
        6⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        6⤵
        
        PID:15472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
        5⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        6⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        5⤵
        
        PID:15496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
      4⤵
      PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        6⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
        5⤵
        
        PID:17180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
      4⤵
      PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        5⤵
        
        PID:18084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
      4⤵
      PID:11688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22850.exe
      4⤵
      PID:2272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
    3⤵
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
      4⤵
      PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        5⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        5⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        5⤵
        
        PID:15736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15467.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
      4⤵
      PID:16924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44748.exe
    3⤵
    PID:7948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
    3⤵
    PID:10876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
    3⤵
    PID:15108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56441.exe
    3⤵
    PID:15648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
    3⤵
    PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        5⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        5⤵
        
        PID:17624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
      4⤵
      PID:9768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
      4⤵
      PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
      4⤵
      PID:18260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
    3⤵
    PID:7648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
    3⤵
    PID:11004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
    3⤵
    PID:15256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
    3⤵
    PID:17468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20770.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20770.exe
  2⤵
  PID:780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
    3⤵
    PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
    3⤵
    PID:13084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
    3⤵
    PID:2160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
  2⤵
  PID:7580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
  2⤵
  PID:11940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
  2⤵
  PID:15696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
  2⤵
  PID:15920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
  2⤵
  PID:17352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3608 -ip 3608
1⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 228 -ip 228
1⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 12960 -ip 12960
1⤵
PID:15996

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe

Filesize
468KB

MD5
b7d46f741e41abc893a25d9c50731311

SHA1
fc3aef60d80b0fc237effde5c4105fc3ed5ec10f

SHA256
6c731286dc06ccbd39dd5b170be52387dc34040f5691d2495784d03ba03d3b12

SHA512
746bac3dc9b1f9fc985f11cfbad5abf732e051d5c8d86004c5ca7e372314aa04261009a6bc803ee1a7c983771c0bb3c413a01ba710eb64034f78d16c749abf14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe

Filesize
468KB

MD5
0814d4ade6b6c6de94cc2f20833b1096

SHA1
432f9d7736d524452e77d8201d670a3ee2e18f6f

SHA256
bbaa03f2073e8ecb3b6cbc06a72557601c6731bcea442ca70fd21ba83a93d888

SHA512
2531a818ac28ddc39681b5ccc96dd912a2dbcdd25833cb745c0f85c52ef48413809ce3cd31930e63a7c7a2f311c6995bcf40f3f4223ff9649cc5adf4bfcccb10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe

Filesize
468KB

MD5
fb7537751f0889ca5ade7fa229519386

SHA1
4b16c5f31d1c653fe2fdfbfd991bfeeddbdbe25c

SHA256
b7bde126453c3b083adffbd0279e9fa773f76c019b1f5927687da8648ac015dc

SHA512
3f14484104be8940bdcb5577bf792538738943115ccb7eb9d8d8a40e7670d7b4f47614adfabdb5e68cb09c07c4137cfed7fad14992813fc4110b84485b00e0ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe

Filesize
468KB

MD5
3c09fd3488f0cff7effa4b3f5782971f

SHA1
7965e15838b6e7c5ab8f328c2c2e9c8a986a1d18

SHA256
7186136d2438327a590572d17b3239c1a3a35b87cf2c7f3be441948fbd9daf20

SHA512
9c5ed4a16401fc1178625d7e787962f3b6c086868747f3013acbd74dac18ed0c53261182f6014475273a5841495a1f4f759e271c010eaf8660addf72966af579

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe

Filesize
468KB

MD5
e6b2d0261d6bd6a83e55af806f8c6155

SHA1
e29861fa5888b3a2125ddbc41190162a75709686

SHA256
1d08638278b41ba05eaa2295681266b34c1a61c1d24ab16bf4a4f12c03f170f5

SHA512
e1ed713443a401806316c1ea2a68c39b2882e1c019b32c28e21963eb7b70d899f6c859c1fcf8d3efdb22e9f56c5bbb412e7ad3c238aca3b7691ba24d4e8cb5c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe

Filesize
468KB

MD5
d5f1020a45f2844f7e33f95b11b34e7f

SHA1
d91be0f320074ca7da21734909ef26bc79b375f6

SHA256
c8489c28fccd217b3f548afca2eaab8e7a902c81f62241b89af3a44ebeea914e

SHA512
47e8d949f660f7614016555c868a428ee80ea191f48d9951ae4c64927f8eaf5988e0a6b353c02537d083750cb29edb6f216efdcd48747c9948594a64ed96233f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe

Filesize
468KB

MD5
bd3d31738b4879613a4d53a35e774475

SHA1
9bb5b0d082a399377f95473ab084369a1bdd34f7

SHA256
95bec2bca67780d64b32c3ae64f83354977b8b8333e5daa35365f770b37c56f3

SHA512
698ba604e3a21a711eda036a17f551cb741019faccc3c0112ce8e7dd01bade58e4b03a999f6c9fa6391bca5958b81e83f70980a8260b766c8b0d965dd0ea7fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe

Filesize
468KB

MD5
5e46f616374d24371ff7829e64fedcaf

SHA1
e4bb5651b3b04f7231a311eff9d60e94c8fcd709

SHA256
7f2314054a4dd6dda19f937775ffa96032a4552715f5fb549958387bfbf0e832

SHA512
ce5d95e6df6d72f7b4b77f813e9a55cee8079f42962aaf60ee61f2166309c7b2236022dd6181607148227320d2281392354e52b903a185caf1107714323a201c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe

Filesize
468KB

MD5
18fb8fb881f8ab3f8b6a9070d48fa1af

SHA1
c1f33e56246cf3dce9731495baadb5c13446707e

SHA256
bc7dacd10f5755d551cf09a777340d2bd5efbadc52875f4f6b88b0047dff15f4

SHA512
0f31024b4a70195002ea21c1043c9e119fe6b046c6bdbd841040b3cab06f3178d089c06deeb5c6ed9757662e584be0e54c43d8908ccc2d981818288e684a96c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe

Filesize
468KB

MD5
4b292bd95c7d66083ad492668c1a7349

SHA1
586237911be1a079105c1f0efb40967d9cb27b51

SHA256
b376450f5cd4916cbaa2a986a312774106f70e62ecd8504739e0801e5f50d9b9

SHA512
1ee3e8a4a0eb4d5be3a4133b7618830b78ccfdab9f209e2ea58ae859c20fc285b35ec579a73b4a39f819c254efa41e54a1c80c26de7a59fa9cc296eaff3b1c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3026.exe

Filesize
468KB

MD5
febfa65f5e7f070105195a3cad8c898d

SHA1
ed43373dffd7c5b5ee75cc1108615ed29f4d5c19

SHA256
3ce2de1a9b2c1a8a55a0d8beeb4dc0e6556f1f81d94d658a4404ba0884e86177

SHA512
7fca1d21dda8094e009ce83df5b003587c2de831effb28134833b275f87aeeab98a6744fccca68353dafc977356d97563c1c68a427bb6e42c76941db78f13499

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31436.exe

Filesize
468KB

MD5
9f5610a301683e71863bedd1a30ec2df

SHA1
352800d158b183da00ab0f35412b33ecf1387b0c

SHA256
4a69c8d0f9efae0c2bfa9aaa7f62127a43617b5edde56d48ad51da29289fdbad

SHA512
72f4ce99e6ed0147d976e02a432b06140324ae8477e1343c643b37dd8e5dfc3d7382b9a1e7c9fd7c495a79182ad5cd0fa1a1901f826c11cf2ca8770fcc1e6f96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe

Filesize
468KB

MD5
e2519bcea962d089011218b8b2cc3c55

SHA1
9fbbeadf4e06c5cbcbefee5c2a60ff668da1b38d

SHA256
8e0e556cf4ce0e44b6d22eb60516ed9f8af6fccbc7a98e59c0797046c827b952

SHA512
057b572204c7d6363e9b17d77e933115cd529a211eecc27511aa44d6a70dc91bb78e285808dd36130a04dfc1ac16102b00a73567f472891d31796af1adb7596a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32782.exe

Filesize
468KB

MD5
bce41e7201849ecdfe62aab6303c7cec

SHA1
5e128eaa2237d89cf3b3489e375351cde3c63db1

SHA256
e41fc3dbb826e3fefc5a930ba24dce0d836d2538eca069ffcb06f53dfc9d32c9

SHA512
bf798d8fa6d1c116fc1647287e155c4ac6d605e6cbdca3daca2fc8ac12410ff9cc4bc65644f6d3837b4b93478ce69983ff522d4462ba46793615b001fbfce451

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe

Filesize
468KB

MD5
0fa7aa5b9883a615ad30401b73c5969b

SHA1
d682e25867809de46066ced80f85644f668d181a

SHA256
f5450992ae6c425be4e4afb7cca3017dd8409c25049c4f025dd096ce49fa1635

SHA512
02a898978b3a69ec6164f88e0d2dfe5cdd1e8726162848cd6ddd660200b9fe1e5705d8afc699dafff7cbe5b80bd838616cf80d6ccf9a551da219e1912b41510b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe

Filesize
468KB

MD5
c2d954ecb68a4c3057bb19ea8953aee2

SHA1
70d32c4e899353677b0fcabacc9b3055c5597feb

SHA256
1e10d3c586cdad587af53cbf00ed50ba73ca359b2b72cc419e4fc17cddaa0244

SHA512
4ce6fc5f86fe0bacf4108e0d6805ac12701e95a639ac46ee07e722393f5f75d306c2fbd1b18657e0b7d2c0dc9532430a4e4e5fa9c756a7eaf71277e30099d8ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe

Filesize
468KB

MD5
3be4d4d8963746c7f04bd1b646fd7aec

SHA1
035f5c33df8126e24137bc1152b625a95f06500a

SHA256
79d9defb8f2d6b7d2e19c239069fc5a8b3307a35260cdcb258f10a77f1d80f87

SHA512
8ff26f4381664241598d69d6a5a5fe9e427c74e31ba2566f0bbce771349a6f9236b4fcaa677d2829c945fe594d00bd30c0013aa2172457c337a719744b961dc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe

Filesize
468KB

MD5
df1e5fda76a230d21c94a9c53706f6f2

SHA1
bddabcff8d82b1d3eeac9b4719fa3d0c532c337c

SHA256
07024d4ec796b8430e4a9483900e8a6cb9577f51e6abd88e71ee791d0def3508

SHA512
830a5c84c6b4e4079ec0f7f2a6190f4f136c023065c4c932bc7cda7d556707695cc43f63c1f09d58250d44d5c3c13a07339a87fcc16bf0356da38c5c7a0d8089

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46067.exe

Filesize
468KB

MD5
669ec93009fe465a13249eb0a800b496

SHA1
8dca5e619a5702627f1e05eb650e2069a3e41bac

SHA256
4732bfc32c014cdbca62e07e3ef128853e6d4849340f76c076801a5ae6453947

SHA512
72ffc02ca59c54ddf34ca73a98ca53a3066931d19a4ac654214ac811b68e136b61128062f591782ef1892b9283497ad8e3eedb6a71bbd4994ca60b9a72e68e1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe

Filesize
468KB

MD5
e27b58517991d45b75e987b138a695c1

SHA1
36d42b0ef868e8a198300f2e018e4eea350d0257

SHA256
a0339e1434d8b8b5b975d3fe31a4ca75ca61f95ad747140098fe74614b9d9eaf

SHA512
801c4137bb380fed314b82ed0619b47d4a1e4fca9a3675e662e134f1f7a84fb24c05f1f87e4ee1d60bb878261106d1b96fbe0933a12ca58af88647cc9ca7acf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe

Filesize
468KB

MD5
5178beb72237459761f4b78f88ebdc93

SHA1
68c0b238428249e0f0a5d06843b5407e4ec3b7f1

SHA256
f52d29a75ab87570b36f3f805abca13f2a2b094d11f36c504a66bca757270918

SHA512
bf5fcdf95dbfafef0b65579eece8b5027dc96920ed7ce8fb9e098157331187fe327e53e03a88ff2bea0ff758632b26d9eff3f41a8bdfb22d9382748140ea3417

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe

Filesize
468KB

MD5
d3a13b22c5e83876cd3ba891ff818739

SHA1
d47794359ba53326b9061c2bcbcc0ca417a4be97

SHA256
7365ae9b6a76c55bbde2d2dd16ae729d2515a8bc7f8ae37190110cf4a2ca0dc5

SHA512
a71443251e970916587850c41f531325306bc50f85ae831ca79e448b67454e219822ab6213d2d45300945f8c0d0ad96328eb6badbe7c7ee2a30fce48c159acb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe

Filesize
468KB

MD5
49a9a5482b40990116edd663285bde25

SHA1
c9fc9837013ef9a37bfd060f67daeb462ccff47a

SHA256
0aabe2befa0987a5d98fd70a1f3ee33d65cfc0a482c0d07896f9aeb599dc9442

SHA512
de81dad8df93cfa57fa12a6da6dca398ec49f04a6aa01c0c9cdb9e67be5837b7463f92f16b6492f8eb179b3a61c0694d13c671e390a03ac195d0024f52f84542

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe

Filesize
468KB

MD5
1f965c917c50fec7b3d401cd5cc859dd

SHA1
93d6862019b335a3e91dadf33a4d66f287aaa858

SHA256
d407650a8e50d53b6d613342bf493c9bfbe18fca90f3af0237f8f885c5519df7

SHA512
fff374f69e10cd5bd1619e8d82d3de9d1722ecb2f0785c0512371132866382ac1b4081959cbb7634c13ea6cdf4c708754260eed894451e299f23cb42a90fba9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe

Filesize
468KB

MD5
7b0d54eaef2e575bdb2a99710ea46cf2

SHA1
47a18d4a57f07de9dceae065410ff8a8c1d25136

SHA256
68ebbdfd7d8fe076ba3b127810254696ad5fc517931fcf737749965975cc4c10

SHA512
8d6bbc308505dda9d1a64b1864a0baf40a80a251004bc2d0e83f15ec8511f84ec5648f86701b5a8a48f40e533053d55b87327695ad9b62c567811a0eaafcc53a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe

Filesize
468KB

MD5
61724ace458c5740ef738fec8e79cf25

SHA1
c1595c717000438334ade733f4e3b715d58c3da6

SHA256
a42ec30cc00323734e75c8aa334dc256a30eb2b38ffb49941a9376f6e94710bc

SHA512
90bb85022782e58e5848ce76363f5d7e8d0adb69be9bcaf2c0232302a65d36aa829d0a2549e41b23e7244f48b4234ed03786756b1f11b8c5a0b275b4e3831493

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe

Filesize
468KB

MD5
b97a4acfcd9f4410b2ef0388312a8ce7

SHA1
89ce32745ee96a11a326189323d7d62b5d56b82f

SHA256
b671b67dc9475c0c45413109d2f446e7645b5a0512b002fcc21592d84cadb39a

SHA512
c0ea6fab73cae6725a99dd5cc6dae8b9b6e37806fdc38081c2e7ebd60416a2ca1def21742d9f0a6ce3d5349bcacfcd2fcb29d15a38f7fb60f3ad2d9970722f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe

Filesize
468KB

MD5
f3dbfdaa54e0be704c1ae38768d02cc8

SHA1
d58e133cc62f47b41f9f472a676c4fa84f952ba2

SHA256
532d8d5f4ad8aa1bbf668f819039d4069dcfb0b5d7582157425b3020f2ba7595

SHA512
29c252c62ea541ed90f81ffb954046aca9178ebefda43eaa3dc5c837de56ffd687aabd08e0aaa7b79e44901120f9087796e3b9e0237e557e05dbdd3e9a0ea9f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63519.exe

Filesize
468KB

MD5
7da8e90a2d1655e86602211c1367592d

SHA1
fc4ef5c9d13ddc5418fc347eadb94751ec7e842a

SHA256
edbc4340e0d226c6e8ececb1b75002d34b8a6efe455be7377c553f9875a4ee64

SHA512
33401c8aff2e508592e6949fff19f3561f6e2a1716ef00e8bdad7e86c7632fc827aad88c7971678494ce9700623589922b61ea3a6d11eb9480e01af31f36e8d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe

Filesize
468KB

MD5
a3822ef33af74b75550fe95e5d1509e6

SHA1
91af4f5e663b9b7dd754ffe06d650bef13181e71

SHA256
309fc56ffab5675e59cc74de0b16d2bb4333e430137a10db339378db06ee4144

SHA512
1194d3b3eef233504265e1cba9baedf6722dc217a93b89a46adfa069fa96cac17508d2cc15f280d0f4e93971e0e37e4ce4144edbf8503addfa725468d0051c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-758.exe

Filesize
468KB

MD5
709b2dea8b2ce3ae6a7ea18626601e1f

SHA1
ffbd23751f8ecc17df12c72231ded0d2fdd0115a

SHA256
7af6b76a8a31f15d3fd566443dd8a82916a998f84ac0c96b261863e6b5bf2093

SHA512
ab3061d51fdff121a2784b1ed8edb62cd35287a35e62d90a8f1d21a0d0e738b36a69f51e6f43a24f75040aefc642c9b1e47127283b87195e6b3030a0d00528c6

Download Submit
memory/64-426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/228-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/536-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/768-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1160-552-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1224-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1268-66-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1284-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1324-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1388-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1456-127-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1460-102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1520-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1736-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1764-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1900-485-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1916-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1984-158-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2056-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2164-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2216-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2236-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2240-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2292-534-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2336-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2356-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2456-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2492-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2592-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2708-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2812-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2824-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2928-504-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2960-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3076-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3096-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3308-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3344-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3344-2727-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3372-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3452-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3484-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3576-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3576-2581-0x0000000075530000-0x00000000755CF000-memory.dmp

Filesize
636KB

Download
memory/3584-218-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3588-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3608-193-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3608-206-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3616-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3844-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3956-533-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4000-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4080-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4208-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4216-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4304-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4332-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4388-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4392-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4436-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4480-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4572-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4580-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4600-124-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4636-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4780-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4828-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4844-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4916-159-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4960-48-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5036-541-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5088-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5176-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5180-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5200-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5204-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5216-486-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5236-107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5280-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5296-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5308-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5360-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5412-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5420-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5612-536-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5624-115-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5656-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5712-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5732-542-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5748-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5776-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5860-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6016-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6032-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6088-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6108-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15336-2622-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15612-2533-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15644-2528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15728-2529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15776-2691-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads