0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643

Analysis

max time kernel
119s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe
Size

468KB
MD5

823c3b94bebe0b433a55f8df5093e8c0
SHA1

8664607b57c53ab9423d166fff012cd360a93a05
SHA256

0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643
SHA512

08f97dfa4f7e42184b93396c53ac40d172879f586933035ac11c0dabfc91cca1b03bc255f044f1d154676d28b8cb427e5d3dc9b2c7a2f32ef55d61ea34ed000b
SSDEEP

3072:7+mnog8Cj28U2by9P73/qf8/oDhjyIplkmHBNTHw86U1fPn/Eflz:7+WooXU2kPr/qfk0Ly86wHn/E

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
532	Unicorn-16592.exe
5012	Unicorn-28734.exe
720	Unicorn-48600.exe
1984	Unicorn-16704.exe
4384	Unicorn-21534.exe
4436	Unicorn-26984.exe
3036	Unicorn-4517.exe
876	Unicorn-43232.exe
4484	Unicorn-55847.exe
4708	Unicorn-4045.exe
4220	Unicorn-10175.exe
4048	Unicorn-10175.exe
1644	Unicorn-39510.exe
3284	Unicorn-59376.exe
3964	Unicorn-50943.exe
2032	Unicorn-15359.exe
5028	Unicorn-51047.exe
992	Unicorn-45064.exe
2724	Unicorn-20294.exe
1832	Unicorn-9438.exe
1780	Unicorn-37472.exe
1636	Unicorn-4415.exe
3444	Unicorn-53616.exe
4656	Unicorn-27502.exe
3952	Unicorn-38438.exe
4888	Unicorn-47368.exe
2052	Unicorn-41238.exe
4320	Unicorn-64856.exe
4308	Unicorn-28654.exe
3920	Unicorn-52862.exe
4872	Unicorn-58992.exe
1396	Unicorn-33557.exe
4188	Unicorn-3486.exe
2764	Unicorn-23087.exe
1848	Unicorn-6439.exe
4456	Unicorn-14799.exe
2900	Unicorn-383.exe
4992	Unicorn-46055.exe
2856	Unicorn-32293.exe
2304	Unicorn-46439.exe
3936	Unicorn-767.exe
2504	Unicorn-51814.exe
1000	Unicorn-57944.exe
1336	Unicorn-33440.exe
2680	Unicorn-45287.exe
3932	Unicorn-37118.exe
4588	Unicorn-32480.exe
3656	Unicorn-40456.exe
3228	Unicorn-20590.exe
4756	Unicorn-32288.exe
3792	Unicorn-2037.exe
1560	Unicorn-56023.exe
1496	Unicorn-65271.exe
3596	Unicorn-26424.exe
1860	Unicorn-47975.exe
5072	Unicorn-2303.exe
2976	Unicorn-45374.exe
4764	Unicorn-14342.exe
4980	Unicorn-33943.exe
2188	Unicorn-34208.exe
2484	Unicorn-34208.exe
932	Unicorn-13661.exe
4228	Unicorn-10663.exe
1436	Unicorn-10663.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48856.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	624	dwm.exe
Token: SeChangeNotifyPrivilege	624	dwm.exe
Token: 33	624	dwm.exe
Token: SeIncBasePriorityPrivilege	624	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe
532	Unicorn-16592.exe
720	Unicorn-48600.exe
5012	Unicorn-28734.exe
1984	Unicorn-16704.exe
4436	Unicorn-26984.exe
4384	Unicorn-21534.exe
3036	Unicorn-4517.exe
876	Unicorn-43232.exe
4220	Unicorn-10175.exe
4708	Unicorn-4045.exe
4484	Unicorn-55847.exe
1644	Unicorn-39510.exe
4048	Unicorn-10175.exe
3964	Unicorn-50943.exe
3284	Unicorn-59376.exe
2032	Unicorn-15359.exe
5028	Unicorn-51047.exe
992	Unicorn-45064.exe
2724	Unicorn-20294.exe
1780	Unicorn-37472.exe
1636	Unicorn-4415.exe
1832	Unicorn-9438.exe
4888	Unicorn-47368.exe
4656	Unicorn-27502.exe
3444	Unicorn-53616.exe
3952	Unicorn-38438.exe
2052	Unicorn-41238.exe
4320	Unicorn-64856.exe
4308	Unicorn-28654.exe
3920	Unicorn-52862.exe
4872	Unicorn-58992.exe
4188	Unicorn-3486.exe
2764	Unicorn-23087.exe
1396	Unicorn-33557.exe
1848	Unicorn-6439.exe
2900	Unicorn-383.exe
4992	Unicorn-46055.exe
4456	Unicorn-14799.exe
2856	Unicorn-32293.exe
3936	Unicorn-767.exe
2304	Unicorn-46439.exe
2504	Unicorn-51814.exe
1336	Unicorn-33440.exe
1000	Unicorn-57944.exe
2680	Unicorn-45287.exe
4588	Unicorn-32480.exe
3228	Unicorn-20590.exe
3932	Unicorn-37118.exe
3656	Unicorn-40456.exe
3792	Unicorn-2037.exe
4756	Unicorn-32288.exe
1496	Unicorn-65271.exe
1560	Unicorn-56023.exe
3596	Unicorn-26424.exe
5072	Unicorn-2303.exe
1860	Unicorn-47975.exe
2976	Unicorn-45374.exe
4764	Unicorn-14342.exe
2188	Unicorn-34208.exe
4980	Unicorn-33943.exe
932	Unicorn-13661.exe
2484	Unicorn-34208.exe
5052	Unicorn-35095.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 532	3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe	84
PID 3464 wrote to memory of 532	3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe	84
PID 3464 wrote to memory of 532	3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe	84
PID 3464 wrote to memory of 5012	3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe	88
PID 3464 wrote to memory of 5012	3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe	88
PID 3464 wrote to memory of 5012	3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe	88
PID 532 wrote to memory of 720	532	Unicorn-16592.exe	87
PID 532 wrote to memory of 720	532	Unicorn-16592.exe	87
PID 532 wrote to memory of 720	532	Unicorn-16592.exe	87
PID 720 wrote to memory of 1984	720	Unicorn-48600.exe	91
PID 720 wrote to memory of 1984	720	Unicorn-48600.exe	91
PID 720 wrote to memory of 1984	720	Unicorn-48600.exe	91
PID 532 wrote to memory of 4384	532	Unicorn-16592.exe	92
PID 532 wrote to memory of 4384	532	Unicorn-16592.exe	92
PID 532 wrote to memory of 4384	532	Unicorn-16592.exe	92
PID 5012 wrote to memory of 4436	5012	Unicorn-28734.exe	93
PID 5012 wrote to memory of 4436	5012	Unicorn-28734.exe	93
PID 5012 wrote to memory of 4436	5012	Unicorn-28734.exe	93
PID 3464 wrote to memory of 3036	3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe	94
PID 3464 wrote to memory of 3036	3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe	94
PID 3464 wrote to memory of 3036	3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe	94
PID 4384 wrote to memory of 876	4384	Unicorn-21534.exe	96
PID 4384 wrote to memory of 876	4384	Unicorn-21534.exe	96
PID 4384 wrote to memory of 876	4384	Unicorn-21534.exe	96
PID 5012 wrote to memory of 4484	5012	Unicorn-28734.exe	97
PID 5012 wrote to memory of 4484	5012	Unicorn-28734.exe	97
PID 5012 wrote to memory of 4484	5012	Unicorn-28734.exe	97
PID 532 wrote to memory of 4708	532	Unicorn-16592.exe	98
PID 532 wrote to memory of 4708	532	Unicorn-16592.exe	98
PID 532 wrote to memory of 4708	532	Unicorn-16592.exe	98
PID 1984 wrote to memory of 4220	1984	Unicorn-16704.exe	99
PID 1984 wrote to memory of 4220	1984	Unicorn-16704.exe	99
PID 1984 wrote to memory of 4220	1984	Unicorn-16704.exe	99
PID 4436 wrote to memory of 4048	4436	Unicorn-26984.exe	100
PID 4436 wrote to memory of 4048	4436	Unicorn-26984.exe	100
PID 4436 wrote to memory of 4048	4436	Unicorn-26984.exe	100
PID 720 wrote to memory of 1644	720	Unicorn-48600.exe	101
PID 720 wrote to memory of 1644	720	Unicorn-48600.exe	101
PID 720 wrote to memory of 1644	720	Unicorn-48600.exe	101
PID 3036 wrote to memory of 3284	3036	Unicorn-4517.exe	102
PID 3036 wrote to memory of 3284	3036	Unicorn-4517.exe	102
PID 3036 wrote to memory of 3284	3036	Unicorn-4517.exe	102
PID 3464 wrote to memory of 3964	3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe	103
PID 3464 wrote to memory of 3964	3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe	103
PID 3464 wrote to memory of 3964	3464	0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe	103
PID 876 wrote to memory of 2032	876	Unicorn-43232.exe	104
PID 876 wrote to memory of 2032	876	Unicorn-43232.exe	104
PID 876 wrote to memory of 2032	876	Unicorn-43232.exe	104
PID 4384 wrote to memory of 5028	4384	Unicorn-21534.exe	105
PID 4384 wrote to memory of 5028	4384	Unicorn-21534.exe	105
PID 4384 wrote to memory of 5028	4384	Unicorn-21534.exe	105
PID 4708 wrote to memory of 992	4708	Unicorn-4045.exe	106
PID 4708 wrote to memory of 992	4708	Unicorn-4045.exe	106
PID 4708 wrote to memory of 992	4708	Unicorn-4045.exe	106
PID 532 wrote to memory of 2724	532	Unicorn-16592.exe	107
PID 532 wrote to memory of 2724	532	Unicorn-16592.exe	107
PID 532 wrote to memory of 2724	532	Unicorn-16592.exe	107
PID 1984 wrote to memory of 1832	1984	Unicorn-16704.exe	108
PID 1984 wrote to memory of 1832	1984	Unicorn-16704.exe	108
PID 1984 wrote to memory of 1832	1984	Unicorn-16704.exe	108
PID 4220 wrote to memory of 1780	4220	Unicorn-10175.exe	109
PID 4220 wrote to memory of 1780	4220	Unicorn-10175.exe	109
PID 4220 wrote to memory of 1780	4220	Unicorn-10175.exe	109
PID 1644 wrote to memory of 1636	1644	Unicorn-39510.exe	110

C:\Users\Admin\AppData\Local\Temp\0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe
"C:\Users\Admin\AppData\Local\Temp\0da72d2390e1c811262f9df4cc9e22b8b139160cad3bb45275ff1141ee0fb643N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        9⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        10⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        10⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        10⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        9⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60673.exe
        10⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
        10⤵
        
        PID:17228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        9⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        9⤵
        
        PID:15500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
        8⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
        9⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8503.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        9⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38559.exe
        8⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        8⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        8⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7968.exe
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        8⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8854.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        7⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        7⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11151.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
        9⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-527.exe
        9⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
        9⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
        8⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
        8⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        8⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
        8⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        7⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        6⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        7⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        8⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        8⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57776.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13546.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37486.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
        6⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10575.exe
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        9⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        9⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        8⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
        9⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2882.exe
        9⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        8⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        8⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        8⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11262.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        7⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48218.exe
        7⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6848.exe
        8⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        8⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe
        8⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        7⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        6⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-351.exe
        7⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        7⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46152.exe
        6⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        6⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
        6⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27680.exe
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        8⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        8⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57776.exe
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        7⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39971.exe
        7⤵
        
        PID:16504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        7⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
        7⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59536.exe
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        7⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        7⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39971.exe
        7⤵
        
        PID:16556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30790.exe
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        6⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        5⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        6⤵
        
        PID:14584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
        6⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        5⤵
        
        PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
        5⤵
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        5⤵
        
        PID:15472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57856.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37488.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        9⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25032.exe
        9⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5649.exe
        9⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31439.exe
        8⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        8⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        8⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        8⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        8⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1174.exe
        7⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        7⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        6⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        7⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        8⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29831.exe
        8⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60259.exe
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5503.exe
        7⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        7⤵
        
        PID:16548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        7⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        7⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        6⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        7⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        7⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        7⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
        7⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        7⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
        7⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39728.exe
        6⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe
        6⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52577.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58576.exe
        7⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16617.exe
        7⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
        6⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        6⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
        6⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12790.exe
        5⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        5⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56724.exe
        5⤵
        
        PID:16648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23087.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2495.exe
        5⤵
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        7⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        7⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        7⤵
        
        PID:15796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        6⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
        6⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        6⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        7⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        7⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        7⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        7⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28295.exe
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        6⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
        6⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61703.exe
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        5⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        5⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        5⤵
        
        PID:8164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
      4⤵
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        6⤵
        
        PID:15236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
        5⤵
        
        PID:15680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
      4⤵
      PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
        5⤵
        
        PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
      4⤵
      PID:9156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
      4⤵
      PID:12980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
      4⤵
      PID:16196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21534.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60928.exe
        8⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        9⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
        9⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40023.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54771.exe
        9⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        8⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        8⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
        9⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe
        9⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        9⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
        8⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        8⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
        8⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49312.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
        7⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        7⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        8⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
        8⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        8⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51247.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        7⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10039.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        7⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        6⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        6⤵
        
        PID:16368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37000.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
        8⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        9⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
        9⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        8⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        9⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        9⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        8⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44601.exe
        8⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
        8⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        7⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        7⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9926.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41025.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        7⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
        7⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
        6⤵
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8826.exe
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        8⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        8⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26051.exe
        8⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14630.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        7⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55391.exe
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
        6⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60575.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        6⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
        6⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
        5⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
        5⤵
        
        PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
        5⤵
        
        PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        8⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        8⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
        8⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        8⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        8⤵
        
        PID:17272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13582.exe
        7⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21575.exe
        7⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        7⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        7⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        7⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        7⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59099.exe
        7⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        6⤵
        
        PID:15784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27680.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        7⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
        7⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
        7⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        6⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        7⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        7⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        7⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45451.exe
        7⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
        6⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        5⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        5⤵
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        5⤵
        
        PID:15704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        7⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
        7⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
        7⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        6⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        6⤵
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        6⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        6⤵
        
        PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61703.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        5⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        5⤵
        
        PID:9360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        6⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
        6⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        6⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37111.exe
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        6⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
        6⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
        5⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60530.exe
        5⤵
        
        PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        6⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        6⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        5⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        5⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
        5⤵
        
        PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
      4⤵
      PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
      4⤵
      PID:14224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
      4⤵
      PID:16036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        6⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        8⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        8⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        8⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38071.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
        8⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        8⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        7⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        7⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        6⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
        7⤵
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
        7⤵
        
        PID:16624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
        6⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        5⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        7⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        7⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        6⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2882.exe
        7⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
        6⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
        5⤵
        
        PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57856.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        7⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        7⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
        7⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        6⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        6⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        6⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29009.exe
        5⤵
        
        PID:17216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
      4⤵
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        6⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        6⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        5⤵
        
        PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
        5⤵
        
        PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
        5⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        5⤵
        
        PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
      4⤵
      PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
      4⤵
      PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
      4⤵
      PID:17172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-383.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        5⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        7⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        7⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
        7⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56520.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        6⤵
        
        PID:11728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        6⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11329.exe
        6⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
        6⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1558.exe
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        5⤵
        
        PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
      4⤵
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58944.exe
        6⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
        6⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        5⤵
        
        PID:15468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31653.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
        5⤵
        
        PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
      4⤵
      PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
      4⤵
      PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14770.exe
      4⤵
      PID:16568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
      4⤵
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        6⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        6⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        5⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13546.exe
        5⤵
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe
        5⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
        5⤵
        
        PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38559.exe
      4⤵
      PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
      4⤵
      PID:13488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
      4⤵
      PID:15448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26910.exe
    3⤵
    PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47680.exe
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
        5⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        5⤵
        
        PID:12616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        5⤵
        
        PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
      4⤵
      PID:6856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
      4⤵
      PID:16684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
    3⤵
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
      4⤵
      PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
      4⤵
      PID:15924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
    3⤵
    PID:10136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
    3⤵
    PID:13888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
    3⤵
    PID:15732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10663.exe
        6⤵
        Executes dropped EXE
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        8⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        8⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        8⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        8⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
        7⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-82.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-82.exe
        7⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        7⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
        7⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21246.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38000.exe
        6⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
        6⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        5⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        7⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54041.exe
        8⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10282.exe
        8⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
        7⤵
        
        PID:15748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        6⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        6⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
        6⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        5⤵
        
        PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
        7⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37675.exe
        7⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62963.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        6⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15560.exe
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        6⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52467.exe
        6⤵
        
        PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        5⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28385.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
        6⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
        5⤵
        
        PID:9052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        5⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48920.exe
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        7⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        6⤵
        
        PID:13660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25090.exe
        6⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22416.exe
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        5⤵
        
        PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47680.exe
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11824.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
        6⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        5⤵
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
        5⤵
        
        PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        5⤵
        
        PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
      4⤵
      PID:10100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
      4⤵
      PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42785.exe
      4⤵
      PID:15532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57944.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        6⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47680.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        8⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        8⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        8⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58384.exe
        7⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        7⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        6⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4305.exe
        6⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        6⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        7⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        7⤵
        
        PID:17128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
        6⤵
        
        PID:184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
        6⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        5⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52376.exe
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        7⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        7⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        6⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14314.exe
        6⤵
        
        PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61176.exe
        5⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
        5⤵
        
        PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        5⤵
        
        PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
        5⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        5⤵
        
        PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
      4⤵
      PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
      4⤵
      PID:10584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe
      4⤵
      PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
      4⤵
      PID:17184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        5⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47680.exe
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        7⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        7⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        6⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        6⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6834.exe
        6⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        5⤵
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
        5⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        6⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64666.exe
        6⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        5⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe
        5⤵
        
        PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49360.exe
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
      4⤵
      PID:10560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28075.exe
      4⤵
      PID:5924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
      4⤵
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
        7⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
        6⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        6⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31809.exe
        6⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59536.exe
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
        5⤵
        
        PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        5⤵
        
        PID:15460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
      4⤵
      PID:9312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
      4⤵
      PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
      4⤵
      PID:16088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37773.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        5⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36898.exe
        5⤵
        
        PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
      4⤵
      PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
      4⤵
      PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
      4⤵
      PID:16924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
    3⤵
    PID:7868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13661.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
        6⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe
        6⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        6⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
        5⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        5⤵
        
        PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
        5⤵
        
        PID:652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        5⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
        6⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20449.exe
        5⤵
        
        PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
      4⤵
      PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe
      4⤵
      PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
      4⤵
      PID:6172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10663.exe
      4⤵
      Executes dropped EXE
      PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        6⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        6⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
        6⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        5⤵
        
        PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41025.exe
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        5⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        5⤵
        
        PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
      4⤵
      PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
      4⤵
      PID:12440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
      4⤵
      PID:8168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35095.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26426.exe
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        5⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11329.exe
        5⤵
        
        PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
      4⤵
      PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11004.exe
      4⤵
      PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
      4⤵
      PID:9472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
    3⤵
    PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63936.exe
      4⤵
      PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
      4⤵
      PID:13068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13738.exe
      4⤵
      PID:6464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
    3⤵
    PID:9176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
    3⤵
    PID:11876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
    3⤵
    PID:16204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47368.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28832.exe
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        7⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
        7⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
        6⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        5⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        5⤵
        
        PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
        6⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1855.exe
        5⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        5⤵
        
        PID:16104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
      4⤵
      PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        5⤵
        
        PID:15480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
      4⤵
      PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        6⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11294.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        5⤵
        
        PID:7036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43551.exe
      4⤵
      PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
      4⤵
      PID:10836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
      4⤵
      PID:14500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29577.exe
      4⤵
      PID:15848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
    3⤵
    PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
      4⤵
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
      4⤵
      PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34987.exe
      4⤵
      PID:9272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
    3⤵
    PID:8252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
    3⤵
    PID:11668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
    3⤵
    PID:464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
    3⤵
    PID:10000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
    3⤵
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        5⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33966.exe
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
        5⤵
        
        PID:16228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
      4⤵
      PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
      4⤵
      PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe
      4⤵
      PID:15512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
      4⤵
      PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        5⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        5⤵
        
        PID:15380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
      4⤵
      PID:12544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
      4⤵
      PID:3928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
    3⤵
    PID:8700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
      4⤵
      PID:14824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
      4⤵
      PID:15416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31062.exe
    3⤵
    PID:12044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
    3⤵
    PID:1312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
    3⤵
    PID:9828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27680.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        5⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8257.exe
        5⤵
        
        PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
      4⤵
      PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        5⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61595.exe
        5⤵
        
        PID:16728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
      4⤵
      PID:13248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
      4⤵
      PID:16172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
      4⤵
      PID:15116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
      4⤵
      PID:16128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
    3⤵
    PID:10168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
    3⤵
    PID:13920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
  2⤵
  PID:5940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
    3⤵
    PID:8920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
    3⤵
    PID:12168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
    3⤵
    PID:3644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
  2⤵
  PID:7188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
  2⤵
  PID:11472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
  2⤵
  PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 14076 -ip 14076
1⤵
PID:14204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 14068 -ip 14068
1⤵
PID:14216

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 11736 -ip 11736
1⤵
PID:7204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe

Filesize
468KB

MD5
a4051197725ca8e3bcd202ae739fbf04

SHA1
550661f3fdcb105f5f143491502681eed01634de

SHA256
d41fb01c8cffb1584d757f4d3b4ad336b5e8563297c06a8266366caec2c9dfc8

SHA512
b9f51229d6554e1c007871d1eaf4453cf033e9432f46ea376afbf22fd32eac57b084ce22339a9261e5ea31f86785803ac8bb55a31a6182d2060e957ad9084100

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe

Filesize
468KB

MD5
1e0c551ad03f80ea9065ae21062b2d0d

SHA1
1a2426592455e60b79419f2085a47957010f1212

SHA256
a89dc64c9832435220a0b926202c19a2e1d3637b55e836c35cd0237133f8f2e0

SHA512
7856c0eff1a1e3201c55ce9d4f019691e0a9467182db2836581f6864ea279f688de8f1b9128214f6bd3bbb073fe02233a9091d573a19dea4c0ec6c02ded56272

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe

Filesize
468KB

MD5
b01a54527eba41bd04195cc9eefd692d

SHA1
79004f5d859ac734aad45c918291fce9198c7af7

SHA256
0ddff80f02cd91b6b4587c45c7208025292c9974e03e25a72d6c9b8550824537

SHA512
38768b633c0da784109161b65114add3fe8cb6526b3156858745495be891fbba9376cfcae3bde21b1df6859298c3f458850bf9af693ee010addc0af9c790357e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe

Filesize
468KB

MD5
0d3432a6946fdac67a45adb0a132b93d

SHA1
faf1a4066eda98d0114092d23d6272105d58bc9a

SHA256
7b7dd42b80084bef9d201fae803e2c314fd80ebbb6029c56123af06d8a1019b5

SHA512
e3c4ec34d9d1a374495aacf91e24ec5e70a801c8311cf29ea47a5992a62dca858e0b87f57782cad4847df31854f32a553772d489190d5782738e498c0935cdf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe

Filesize
468KB

MD5
4d8ff0b43f0769b910182596e43356ad

SHA1
9f891bd48deada2bf50765886727cc88aaae18d6

SHA256
93c8b1d736945f974b301be8dc7e7893c799107cc5a07d45cd33b990fa7efcc4

SHA512
f051e9b501fb695ba825f3c15daa9c7e4b777282a48db97336a12f0f74d229d2d9fffd8961dc5b646873b877ed566492cf6395b3b3a6eee575e9fd7202be608c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21534.exe

Filesize
468KB

MD5
ae7c635d5e8ea02edc3c4b9e09cf6663

SHA1
a7486c72a0196296b3b71e613b08b31ca7c451b3

SHA256
ef2fe52502a1a945e02dc6bae7995d9442724d0182e9a3e73685e40031c81abc

SHA512
15717bde0e73c834e7ac0a2369a2c9cd999af2b82c66b9535d600086e56b4b3e77e0a1b90ba7de19c0dbe7c1fb2577516c724190ac46e5dbf145ac765c8bc857

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe

Filesize
468KB

MD5
68e37a498b9d5f91a017ed9e48bcf430

SHA1
1de5e2742555d46cf09e56ba22d9015bb34bb4e9

SHA256
1f3575d044062f04b37818b255e9cfde8a190aadf9ff992cd4281a7e55e780f5

SHA512
888cef1a7dad1d70078c4a39500b7d1a26cd74b4843bdf26526258575014c0b7d9adfabd5045a5759c37827557849839b63d587fae979fd2d2235e8f5ca5cc2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe

Filesize
468KB

MD5
773cf708d93e3a061ee859fc9764c2c5

SHA1
cf7465925562725a15c982a823b5499498c1d8a2

SHA256
2430a857f0820dbf72283ca0cc8abc965240bd9b1da5ee58c7e96427a1d4e4d8

SHA512
302abcadc8ee7cf77f6c5ef88ceac353c17026a60547938418b067782079a79ef094db54d758a13c01b3b8943bd4dc78b311df517fdd09374c127a6840769fae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe

Filesize
468KB

MD5
80fba0a17380119fff4926c926bb8443

SHA1
2ee769cbd55265abe3e7cf55c5066f641b96e8a3

SHA256
9ea9dd526e486f0fe5888948e748cf361a6bbc70764aa2a577bfc1c442303ce5

SHA512
083d9a4d4c2dbf06b5dc0a208a517366b3aefc24ae8b61113687b1ae57cc30b6dc3aaf4ad4198d5cbe0be6a7800addd0c168a8b22296d888b3fb31e84a3d407b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe

Filesize
468KB

MD5
27a25f88a0da38218ba6bc8043e9ff06

SHA1
5751819cecc847a9b2a1041ac530f7abf21be7d4

SHA256
b58319484b19067915582d6df766c4b1dd905374d3f753fbd8a880d7c055ee8a

SHA512
625fd16037e16eacda9c84f210e0f3f7e98d46ee806be8f3b5e3d5859455635628d7fcda8ab623dbd6fc22b6a3709e95cc2a25a7dcd3734068f822ba5acd672c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe

Filesize
468KB

MD5
2bbbb3fb7c4b37d8b20220263c605b61

SHA1
c96e0eefdb23e77d48168f05328e9aa0d3c2b0c8

SHA256
a1722227a48a1ce9442b68d291458c71661db9e66c34c46c033d8b60c0c55c0a

SHA512
a82762a1bffe4c47bce4eefb996233682984018fb2a13f2917745caba3129ad80c8a52afa9af5740d23abb165e039677f71bd52691d25e58bfeceafb5f17bae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe

Filesize
468KB

MD5
95eeb3cbfbad7a9729ad560c62e1f0cb

SHA1
0f2928e15946d31619adf53f7393c573e6c08254

SHA256
ecffd98a759e22d8369725b86e815dc5ece3fba5fc44215c5e5aae95e854afd4

SHA512
446e0c42d2eecb13be8d4fa91a22beff15462852d5c171dd6402732ce4e94ec6c7713139836eb6e9102c9cad8a91197bd4cb0814d5d2e91936633279bd8a3306

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe

Filesize
468KB

MD5
ef1119fe827d01949b3f33d38033113a

SHA1
950818df891183273cdff7c6b704cbf096dd4af5

SHA256
d14d37612d12586dbe778d896c1e9a5ebb9edd5aea3357a5b6ef192eaab79709

SHA512
21135d9633b23daa66203dd4bd71eb0fbdfdaf46b86ecb69a7af00249ddbfd66d0ea67f9b2b3ad7702987570b12edadf40f4b0122a8637b096877b3e5fbcc02d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe

Filesize
468KB

MD5
85761616630c6b261c93be6c017d4e90

SHA1
0b4f2d4414841f29a7fc3c719a684b3386689cc3

SHA256
492c308a3f9c16dcf44682b68be0fcbe01777f872d25d29a5db62004b7004982

SHA512
4360ccb5c573deb376f24edf52e62195654ada54b09ef81a82c016803ae429d5a08364bd4474dc06dac63717ceaab8ec66eb1d39d37e7c2bdc58ed340740eb87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe

Filesize
468KB

MD5
7efc375c689641639c64437f2baab870

SHA1
e1c6e05f13880a646bd3ef1155181c0bb132719a

SHA256
44916cd8458f583f890906f2ce5de02e80fa85c0d13163bd8af2c496f44e6dfa

SHA512
b2617ae13a36c25f8b9971759f9a3e9f09043e85d079ee9dc26c22ad270d553b312341a8306fefef65367c1061975dcd8dbccb05f55494056b2693341b9c672c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe

Filesize
468KB

MD5
3d089924f3276df2396e81996b3d77bd

SHA1
a5858de14b2565b2d0940673cee27b54bd47252c

SHA256
e1c8f2094c79ce6fec5ba05c34f87ffccbf4d3e55d49ce2ff64697b80a0a1e78

SHA512
475081595fb62dfed492e18f660f4e1e34fd163ab5d96731d34dfb58506eb16ad1bb18a8836dd3eeecfaef90e882ed6d4f63a8f585a42a15a3c3e6c387ac7a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe

Filesize
468KB

MD5
caceb8b3e76449a0ac3b95740ebf075f

SHA1
d3a2fe359c81298f9f367ae9ce57de3aae1c4ba1

SHA256
e36e02095e9a29913527c5efe837ee9c44d915326284683d54c02aaae3b0ca5e

SHA512
579a21fe4dd351b5e348ce32511bc9ba46aac1f8de2920e4cbd55c3e03c24df6783a7f8fbab2497a677c87640da816ed61a0ae1f8f68561b583fe007b24f60e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe

Filesize
468KB

MD5
334f83fa431eb28085d39332474b8129

SHA1
aeb2ca2cf48ec19d354d16a5b2707b9e08ec3c47

SHA256
8fe0943583b382ef5b08fc4bd97a960069e4cc2000b02e741f98ad320a2c3b29

SHA512
67e18aaea55bc8dcc0a8a10d1df1fe9e8796546a03932c279568687489430a1e87d548f785a059144abc3b60360072f697d7db51c78edaf3e6bd02345d7f38a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe

Filesize
468KB

MD5
0fca39835511d38705ed733724ebf16a

SHA1
ea60078846ef303cea1b4df1e89f702d75089c4b

SHA256
95aba525e5086934ec867ec705a7abc1ee2c76369fa00c68f15f9e06e4974424

SHA512
d5bc1b5b92c7aef758de5cf9a8bc10d0a6cf1188570e4ac89d8c816e0abc67a29b66bc74f6a5af294b4ec427bf445fd6f2d4dddf34e360083449fd811aaef83b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe

Filesize
468KB

MD5
ac6363a368048b768b4426104a8c9ab7

SHA1
9994cd321328f091c140d6a8f1f8d0cdea563c2c

SHA256
1a75aa4d1a0db31ddd5cc6dea5d0dfb9888ad652f3be9def85f83f0982be4cd0

SHA512
cad46721a0f7205091899a9bacd3d67b22ac2c659ef01f03056b29aff1f4c9d4943f64b7d94e17f9d26fa62b117a3efe52ac42c4cef09cf53729a95d4d4cffe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47368.exe

Filesize
468KB

MD5
6803d5b7ec5fe7133243c549326db0e2

SHA1
ca1e509370750f8944fbd5a18f3bc23cd18276ca

SHA256
46933689536f1accb78f5270cecc211e20b71289735ff522682853075370bc66

SHA512
0cd67db099b8ffa0a8d4309c046e3309e6027bae54fd1e500521649fef77c638f63f283351ca699ca163e948f8a101b5e8c654fd2da2c953168e03794e7651f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe

Filesize
468KB

MD5
6b658cdd533dad53b78e330e9609e7d9

SHA1
1f855d355d4b2354dcd16e32fc2aa9c131d61158

SHA256
b4ed290f749228cc8197c072b3ceaf50e70f8f7efb0481d912e1752783ecbf32

SHA512
b489f81e71052c1d4c2f64bdf5e1d52aa80a11cfface661611da73cb86cc0ab39725c2d17dbaedc16ccbe3bcdd124195b971a03821cc388466212ebbb10e2507

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe

Filesize
468KB

MD5
74ab5e056b915bbf9a33837c7cdbac30

SHA1
a393fa75e161662a80de09240ad9c0c22ff83901

SHA256
a81771b96ef4122f028cf587b6eaa7aefb7d4f6b869be6b315ab943c7d89d76f

SHA512
8db9fe91868defbec3e9474641f55dc09caa68e8ee187549432779833d3007bc92230de5c960a27306b6bd1b07c6a71834eb14aab0205ea2a33dab643806b8b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe

Filesize
468KB

MD5
ec8acf4481be8ff4f93682d9fdb9b12e

SHA1
035efb8cc2209bd8540ffe504f048a367f5c74d2

SHA256
fb9eccf88a165dddd5efa777792b3d0669eb9da6984d982aca9a287ebd8c4466

SHA512
37fcf5a1792c932e91b9543cfe8fac2ad2f8b2b5bcaed1ab03a526c1961fd20008fb723f59b742a86060d8462d238c2e89001775446b208563d82bd1e45514a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe

Filesize
468KB

MD5
4e2e9d956e626e15859cd39227fb3486

SHA1
ce2e7e6bb0477a6a6a03f86fa50b3569e98b62f5

SHA256
48bf16be68db82c64b56a04bbf5adb453b95295c31a5179ba3aac7fb0f3b66fb

SHA512
a9ad555bdfb97c89037cc9c70c07d8963009508249b991c058b5015884eec3f1b3ba44f62d1a45197594ff1d0b57959cb9d69c5f868cc06346b537f7446bc365

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe

Filesize
468KB

MD5
d1eeef3e9406c08f6be11ff5db538a5f

SHA1
f7d0ff9816b60cf9a73b11a182ea5e00317e0d77

SHA256
5ff9eca3d5cf5e4db83659ccd6dbcd284446b4222aa3ad14b0daf7ccbebc81d0

SHA512
675130741c5cf5a0f860ef4e3faf760d8664cff05839518bc4e9b85ab05296414871102ceaac6c7030c63829309032ed3d81c08dd1fa133d00ec39bdfdb77178

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe

Filesize
468KB

MD5
e673e71d79c6dcad9ee0231ab6b0be91

SHA1
b5573e42e83f4ccecb0ecf79df86b81c3ef2effa

SHA256
cfeee0f71cedb523da0187c0eb33d985ce817eca2318352a2524b4b32f613a94

SHA512
a222788da64276a5a2b968d63a068cef0fe383319e1fd90e4dd422b12292a488e20619b1a6fe7fa308431fc615334764d1ee2d31ede2ff6186fb49b1474a62aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe

Filesize
468KB

MD5
692d0df4dc31d895dfe3281e6495fc1c

SHA1
c0432107b9a3d9fe6a547e432ef16231e61b173e

SHA256
64dc370673eee17540d9b4a454dddd331fac9ccc74d5524afd973b25761d5d55

SHA512
38b94673f8dee3debdd0df59ce6c37fee84b055fd75ab28f1258e9fada1b28769cfc93a92ecde80b56c2da40d1cf9272435a9d8c6075fb0d9144f712e3f48b37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe

Filesize
468KB

MD5
022bb3c57fbc48407884bfdccacdc1c2

SHA1
9394fa365596e0ae9eaf5b2a9020e00101761259

SHA256
2d6cf1d480b313b523f9478c1e54aaf2c24e25ffa3f61a0c6a9a73933177e98a

SHA512
0f639c2e0ef9ceb0f9e40a7574332a0e3f29a02c914850d20e992ae14ea53a0aeeee5e85fb45b6871659c24a5acb0a3719b7f9b8178a0050286885e198a58641

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe

Filesize
468KB

MD5
0484e4e815c448831a867f495891ea81

SHA1
8ded35c07d7976b11f7231f6c83d18abefa99f39

SHA256
a92093bb08ec55f63a83b8e8562015fd875a032701af5fd7f5fba2ea8ad9397c

SHA512
2b3f6082276ed5fbd0b6676ca60d1e735cf65454eef6e395f45a4a7b3496d1a7fa45c7206f53169042a6298979bfe216add9e8c38a11f47ea104f9adda1b34ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe

Filesize
468KB

MD5
473e86592e89b57a03fad854e305ab53

SHA1
c2054008239f863df63afc1bc536df4b7402002b

SHA256
3118c775a99ab9db7d4d4fa7db139b0fbf33423c04712d2b8b51f6697aea654c

SHA512
29f0a9bb927466ca35d9375830fd6c356e9bba2055f7d63c946dfcc68212a5b939a5fc57082124641ce0a1c1f282bb579e54701e25380f7cdb51fc09cd74f203

Download Submit
memory/440-448-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/532-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/720-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/876-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/932-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/968-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/992-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1000-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1100-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1220-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1336-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1348-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1496-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1560-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1636-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1644-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1664-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1780-147-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1832-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1848-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1860-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1880-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1904-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1984-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2032-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2052-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2188-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2288-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2304-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2312-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2724-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2764-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2804-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2828-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2900-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2976-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3036-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3144-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3284-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3444-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3464-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3596-349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3624-499-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3656-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3792-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3920-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3932-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3936-270-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3944-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3952-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3964-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4000-481-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4076-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4188-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4220-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4228-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4308-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4320-196-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4364-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4376-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4384-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4392-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4436-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4456-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4484-77-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4588-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4656-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4708-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4756-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4764-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4872-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4888-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4928-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4956-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4968-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4980-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5012-16-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5028-113-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5036-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5052-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5072-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5212-537-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5220-505-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5240-506-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5260-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5276-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5352-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5400-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/9752-3264-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/9788-3279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/9828-3281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13676-2443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14524-2432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15468-3273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads