a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99f

Analysis

max time kernel
120s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 03:52 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe
Size

468KB
MD5

cbab97973b849563e23976de550f38c0
SHA1

51412169d99e22895102e4a39dee8cde6226873b
SHA256

a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99f
SHA512

203e42c6c6a953c2991295d3eb8ca73d107ed58e13a621f186074fbb7f496a74cc9f33454fb760a635ab42f83742c25ffbfa91f3ba4684056e6584af60f8d8fe
SSDEEP

3072:z4/iogKxT28U2bY3Pa37qf8/ECqjy+pdymHxFy3k3Bd+J3XNVNlY:z4qotXU2APQ7qfGu1L3BIpXNV

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2832	Unicorn-28206.exe
4504	Unicorn-12461.exe
5040	Unicorn-41796.exe
4464	Unicorn-57822.exe
3212	Unicorn-38148.exe
4044	Unicorn-15549.exe
2128	Unicorn-58428.exe
4624	Unicorn-46686.exe
1488	Unicorn-59877.exe
5092	Unicorn-43214.exe
4524	Unicorn-43479.exe
764	Unicorn-42964.exe
4816	Unicorn-43479.exe
3984	Unicorn-37349.exe
4864	Unicorn-43479.exe
2456	Unicorn-30558.exe
4392	Unicorn-45477.exe
4744	Unicorn-50926.exe
3964	Unicorn-44220.exe
3968	Unicorn-50350.exe
1028	Unicorn-34014.exe
3996	Unicorn-1268.exe
3164	Unicorn-24315.exe
3832	Unicorn-33246.exe
1716	Unicorn-46437.exe
3064	Unicorn-60172.exe
4260	Unicorn-13380.exe
5108	Unicorn-62965.exe
4308	Unicorn-59870.exe
4000	Unicorn-40196.exe
5036	Unicorn-40549.exe
2236	Unicorn-301.exe
4808	Unicorn-30788.exe
968	Unicorn-30788.exe
3668	Unicorn-30788.exe
4776	Unicorn-52055.exe
3732	Unicorn-31421.exe
2572	Unicorn-4717.exe
832	Unicorn-4717.exe
640	Unicorn-60462.exe
2636	Unicorn-44126.exe
1436	Unicorn-60654.exe
1996	Unicorn-24452.exe
4400	Unicorn-60005.exe
3664	Unicorn-7156.exe
456	Unicorn-18091.exe
4552	Unicorn-27022.exe
4912	Unicorn-27022.exe
3420	Unicorn-10685.exe
644	Unicorn-37228.exe
1532	Unicorn-59886.exe
3208	Unicorn-50373.exe
4136	Unicorn-34020.exe
2524	Unicorn-39886.exe
3940	Unicorn-20285.exe
3948	Unicorn-13757.exe
4860	Unicorn-43607.exe
3512	Unicorn-59621.exe
4716	Unicorn-59132.exe
1408	Unicorn-48542.exe
3084	Unicorn-64302.exe
1588	Unicorn-44629.exe
3176	Unicorn-64229.exe
4660	Unicorn-37406.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2932	3164	WerFault.exe	109
15764	14744	WerFault.exe	700

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7773.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15484	dwm.exe
Token: SeChangeNotifyPrivilege	15484	dwm.exe
Token: 33	15484	dwm.exe
Token: SeIncBasePriorityPrivilege	15484	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe
2832	Unicorn-28206.exe
4504	Unicorn-12461.exe
5040	Unicorn-41796.exe
4464	Unicorn-57822.exe
3212	Unicorn-38148.exe
4044	Unicorn-15549.exe
2128	Unicorn-58428.exe
4624	Unicorn-46686.exe
3984	Unicorn-37349.exe
4864	Unicorn-43479.exe
764	Unicorn-42964.exe
4524	Unicorn-43479.exe
5092	Unicorn-43214.exe
1488	Unicorn-59877.exe
4816	Unicorn-43479.exe
2456	Unicorn-30558.exe
4392	Unicorn-45477.exe
4744	Unicorn-50926.exe
3968	Unicorn-50350.exe
3964	Unicorn-44220.exe
3996	Unicorn-1268.exe
1028	Unicorn-34014.exe
5108	Unicorn-62965.exe
4260	Unicorn-13380.exe
3064	Unicorn-60172.exe
3832	Unicorn-33246.exe
1716	Unicorn-46437.exe
3164	Unicorn-24315.exe
4308	Unicorn-59870.exe
4000	Unicorn-40196.exe
2236	Unicorn-301.exe
5036	Unicorn-40549.exe
3668	Unicorn-30788.exe
968	Unicorn-30788.exe
4808	Unicorn-30788.exe
4776	Unicorn-52055.exe
3732	Unicorn-31421.exe
2572	Unicorn-4717.exe
832	Unicorn-4717.exe
640	Unicorn-60462.exe
1436	Unicorn-60654.exe
2636	Unicorn-44126.exe
1996	Unicorn-24452.exe
4400	Unicorn-60005.exe
4552	Unicorn-27022.exe
4912	Unicorn-27022.exe
3420	Unicorn-10685.exe
3664	Unicorn-7156.exe
644	Unicorn-37228.exe
456	Unicorn-18091.exe
2524	Unicorn-39886.exe
1532	Unicorn-59886.exe
3208	Unicorn-50373.exe
4136	Unicorn-34020.exe
3940	Unicorn-20285.exe
3512	Unicorn-59621.exe
4860	Unicorn-43607.exe
3948	Unicorn-13757.exe
4716	Unicorn-59132.exe
1408	Unicorn-48542.exe
3176	Unicorn-64229.exe
1588	Unicorn-44629.exe
3084	Unicorn-64302.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 2832	4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe	82
PID 4540 wrote to memory of 2832	4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe	82
PID 4540 wrote to memory of 2832	4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe	82
PID 2832 wrote to memory of 4504	2832	Unicorn-28206.exe	83
PID 2832 wrote to memory of 4504	2832	Unicorn-28206.exe	83
PID 2832 wrote to memory of 4504	2832	Unicorn-28206.exe	83
PID 4540 wrote to memory of 5040	4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe	84
PID 4540 wrote to memory of 5040	4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe	84
PID 4540 wrote to memory of 5040	4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe	84
PID 4504 wrote to memory of 4464	4504	Unicorn-12461.exe	85
PID 4504 wrote to memory of 4464	4504	Unicorn-12461.exe	85
PID 4504 wrote to memory of 4464	4504	Unicorn-12461.exe	85
PID 2832 wrote to memory of 3212	2832	Unicorn-28206.exe	86
PID 2832 wrote to memory of 3212	2832	Unicorn-28206.exe	86
PID 2832 wrote to memory of 3212	2832	Unicorn-28206.exe	86
PID 5040 wrote to memory of 4044	5040	Unicorn-41796.exe	87
PID 5040 wrote to memory of 4044	5040	Unicorn-41796.exe	87
PID 5040 wrote to memory of 4044	5040	Unicorn-41796.exe	87
PID 4540 wrote to memory of 2128	4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe	88
PID 4540 wrote to memory of 2128	4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe	88
PID 4540 wrote to memory of 2128	4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe	88
PID 4464 wrote to memory of 4624	4464	Unicorn-57822.exe	93
PID 4464 wrote to memory of 4624	4464	Unicorn-57822.exe	93
PID 4464 wrote to memory of 4624	4464	Unicorn-57822.exe	93
PID 4504 wrote to memory of 1488	4504	Unicorn-12461.exe	94
PID 4504 wrote to memory of 1488	4504	Unicorn-12461.exe	94
PID 4504 wrote to memory of 1488	4504	Unicorn-12461.exe	94
PID 4540 wrote to memory of 5092	4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe	95
PID 4540 wrote to memory of 5092	4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe	95
PID 4540 wrote to memory of 5092	4540	a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe	95
PID 4044 wrote to memory of 4524	4044	Unicorn-15549.exe	96
PID 4044 wrote to memory of 4524	4044	Unicorn-15549.exe	96
PID 4044 wrote to memory of 4524	4044	Unicorn-15549.exe	96
PID 5040 wrote to memory of 764	5040	Unicorn-41796.exe	99
PID 5040 wrote to memory of 764	5040	Unicorn-41796.exe	99
PID 5040 wrote to memory of 764	5040	Unicorn-41796.exe	99
PID 3212 wrote to memory of 4816	3212	Unicorn-38148.exe	100
PID 3212 wrote to memory of 4816	3212	Unicorn-38148.exe	100
PID 3212 wrote to memory of 4816	3212	Unicorn-38148.exe	100
PID 2832 wrote to memory of 3984	2832	Unicorn-28206.exe	97
PID 2832 wrote to memory of 3984	2832	Unicorn-28206.exe	97
PID 2832 wrote to memory of 3984	2832	Unicorn-28206.exe	97
PID 2128 wrote to memory of 4864	2128	Unicorn-58428.exe	98
PID 2128 wrote to memory of 4864	2128	Unicorn-58428.exe	98
PID 2128 wrote to memory of 4864	2128	Unicorn-58428.exe	98
PID 4624 wrote to memory of 2456	4624	Unicorn-46686.exe	102
PID 4624 wrote to memory of 2456	4624	Unicorn-46686.exe	102
PID 4624 wrote to memory of 2456	4624	Unicorn-46686.exe	102
PID 4464 wrote to memory of 4392	4464	Unicorn-57822.exe	103
PID 4464 wrote to memory of 4392	4464	Unicorn-57822.exe	103
PID 4464 wrote to memory of 4392	4464	Unicorn-57822.exe	103
PID 1488 wrote to memory of 4744	1488	Unicorn-59877.exe	104
PID 1488 wrote to memory of 4744	1488	Unicorn-59877.exe	104
PID 1488 wrote to memory of 4744	1488	Unicorn-59877.exe	104
PID 4504 wrote to memory of 3964	4504	Unicorn-12461.exe	105
PID 4504 wrote to memory of 3964	4504	Unicorn-12461.exe	105
PID 4504 wrote to memory of 3964	4504	Unicorn-12461.exe	105
PID 4524 wrote to memory of 1028	4524	Unicorn-43479.exe	107
PID 4524 wrote to memory of 1028	4524	Unicorn-43479.exe	107
PID 4524 wrote to memory of 1028	4524	Unicorn-43479.exe	107
PID 3984 wrote to memory of 3968	3984	Unicorn-37349.exe	106
PID 3984 wrote to memory of 3968	3984	Unicorn-37349.exe	106
PID 3984 wrote to memory of 3968	3984	Unicorn-37349.exe	106
PID 2832 wrote to memory of 3996	2832	Unicorn-28206.exe	108

C:\Users\Admin\AppData\Local\Temp\a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe
"C:\Users\Admin\AppData\Local\Temp\a5a50f2fcfd836bb5feee3a298d63afa17d85f18466bbbb3e5aad44ef9baa99fN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57822.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13757.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        10⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
        11⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55116.exe
        11⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        10⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
        10⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        9⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        9⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
        9⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
        9⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        9⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        9⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46412.exe
        8⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55576.exe
        8⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28171.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        9⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
        10⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        10⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        10⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        9⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        9⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        9⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        8⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        8⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42011.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23729.exe
        8⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        8⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        8⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
        7⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
        7⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43607.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6589.exe
        9⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        10⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        10⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46931.exe
        10⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        9⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        10⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        9⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        8⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
        9⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        8⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        8⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42587.exe
        8⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26875.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60430.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
        8⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
        8⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
        7⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        8⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35608.exe
        8⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        8⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27595.exe
        7⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        7⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43612.exe
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53537.exe
        6⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
        6⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        8⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
        9⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        10⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
        10⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        10⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        9⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        9⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11140.exe
        8⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27214.exe
        8⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
        8⤵
        
        PID:14744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14744 -s 480
        9⤵
        Program crash
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        8⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
        8⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8571.exe
        8⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        7⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58047.exe
        7⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        8⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        9⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        9⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        9⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        8⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        8⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
        7⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        7⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22357.exe
        7⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        6⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27934.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18231.exe
        7⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
        7⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        6⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2839.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        8⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        9⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
        9⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        8⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        8⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        8⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8125.exe
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        8⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        8⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
        8⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13479.exe
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        7⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        7⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16212.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        8⤵
        
        PID:16396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        7⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64271.exe
        7⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
        6⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        7⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        7⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe
        6⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44469.exe
        6⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64229.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51374.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe
        8⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60492.exe
        8⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        8⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        7⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26158.exe
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe
        6⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28484.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        6⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        7⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
        7⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18179.exe
        5⤵
        
        PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        9⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        9⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        9⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        8⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
        8⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
        8⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35630.exe
        8⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        8⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        8⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        8⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        8⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        7⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
        7⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        6⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        9⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        9⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        9⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48261.exe
        8⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        8⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        8⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        8⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
        7⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
        7⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
        7⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
        7⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        7⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        7⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
        7⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        6⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14493.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        9⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64031.exe
        9⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28574.exe
        8⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5291.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
        7⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11074.exe
        7⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        6⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
        7⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
        7⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58924.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23729.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        7⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
        7⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29707.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        6⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
        6⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27934.exe
        6⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        7⤵
        
        PID:15920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        7⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2059.exe
        6⤵
        
        PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        5⤵
        
        PID:9568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        6⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39454.exe
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        8⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
        8⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        8⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
        7⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59618.exe
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
        7⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5424.exe
        7⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        6⤵
        
        PID:15156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27595.exe
        6⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        6⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        6⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        6⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        5⤵
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        5⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        5⤵
        
        PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14733.exe
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34734.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        8⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
        7⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34239.exe
        7⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        6⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44131.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
        6⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
        7⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1466.exe
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15947.exe
        6⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15092.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17006.exe
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        6⤵
        
        PID:14064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62691.exe
        6⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe
        5⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        5⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        5⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        5⤵
        
        PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
      4⤵
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44323.exe
      4⤵
      PID:5552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38148.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
        6⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
        8⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28574.exe
        8⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        8⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        8⤵
        
        PID:17168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        7⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        7⤵
        
        PID:17236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8427.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34094.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
        7⤵
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
        6⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
        5⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        7⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64271.exe
        7⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        6⤵
        
        PID:15696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        5⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        6⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        5⤵
        
        PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1466.exe
        7⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        7⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
        7⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        6⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57887.exe
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        6⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        7⤵
        
        PID:15456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        6⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
        6⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
        6⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
        5⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23102.exe
        5⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56895.exe
        5⤵
        
        PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
        7⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
        7⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6853.exe
        7⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57587.exe
        6⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50725.exe
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11998.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        6⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe
        5⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        5⤵
        
        PID:13640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28574.exe
        5⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        5⤵
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
      4⤵
      PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
      4⤵
      PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
      4⤵
      PID:6060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37349.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        6⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        9⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        8⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        7⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
        7⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        7⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        7⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        7⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        6⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55606.exe
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        7⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        7⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24875.exe
        5⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51438.exe
        5⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2646.exe
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59234.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
        7⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        6⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        6⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        6⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        5⤵
        
        PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
        5⤵
        
        PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39164.exe
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        5⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
        6⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        6⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        5⤵
        
        PID:9320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe
      4⤵
      PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
        5⤵
        
        PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
      4⤵
      PID:14648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11495.exe
      4⤵
      PID:8708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        5⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        6⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
        7⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        6⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        6⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
        6⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18708.exe
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        6⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
        5⤵
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
      4⤵
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        6⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
        7⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
        6⤵
        
        PID:17020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        5⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        5⤵
        
        PID:384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        5⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
      4⤵
      PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59720.exe
      4⤵
      PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
      4⤵
      PID:6636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
      4⤵
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29063.exe
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16471.exe
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13595.exe
        5⤵
        
        PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
      4⤵
      PID:8912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
      4⤵
      PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
    3⤵
    PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39278.exe
      4⤵
      PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
      4⤵
      PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
      4⤵
      PID:15276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44142.exe
    3⤵
    PID:7548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
    3⤵
    PID:11332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
    3⤵
    PID:15532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
    3⤵
    PID:6300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        8⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe
        9⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        9⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
        9⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        9⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        8⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        8⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36206.exe
        8⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
        8⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5729.exe
        8⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62504.exe
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
        7⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        7⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        6⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15947.exe
        7⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        7⤵
        
        PID:17244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9108.exe
        6⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
        8⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        8⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        8⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
        7⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        6⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        6⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        6⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
        6⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        6⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        5⤵
        
        PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
        6⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15012.exe
        8⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59618.exe
        8⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
        8⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        7⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        7⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        7⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        7⤵
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        6⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        6⤵
        
        PID:15856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        5⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27108.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        6⤵
        
        PID:10284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15947.exe
        6⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20965.exe
        6⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
        5⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        5⤵
        
        PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        6⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57971.exe
        6⤵
        
        PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        6⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        6⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6222.exe
        6⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        5⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        6⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
        6⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        5⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
        5⤵
        
        PID:8892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        5⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        5⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
        5⤵
        
        PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59948.exe
      4⤵
      PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
      4⤵
      PID:11324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
      4⤵
      PID:15572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
      4⤵
      PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33246.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
        7⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60119.exe
        8⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        8⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        8⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        7⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        7⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28052.exe
        6⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        7⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        7⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        6⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe
        5⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44527.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29307.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        5⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
        5⤵
        
        PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20285.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
        5⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33169.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        7⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21467.exe
        6⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        6⤵
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        5⤵
        
        PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60814.exe
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
        5⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
      4⤵
      PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
      4⤵
      PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
      4⤵
      PID:7112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13533.exe
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        7⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        7⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        6⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        6⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        5⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        5⤵
        
        PID:7912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15252.exe
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44270.exe
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15571.exe
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
        6⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        6⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
        5⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        5⤵
        
        PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
      4⤵
      PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        5⤵
        
        PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
      4⤵
      PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
      4⤵
      PID:15152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
      4⤵
      PID:6240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe
      4⤵
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        5⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
        5⤵
        
        PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
      4⤵
      PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        5⤵
        
        PID:14144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
      4⤵
      PID:9520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27544.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
      4⤵
      PID:6248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35019.exe
    3⤵
    PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
      4⤵
      PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        5⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        5⤵
        
        PID:15888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
        5⤵
        
        PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
      4⤵
      PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
      4⤵
      PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
      4⤵
      PID:15928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
    3⤵
    PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21733.exe
      4⤵
      PID:6328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
    3⤵
    PID:10548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58985.exe
    3⤵
    PID:14752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
    3⤵
    PID:5232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        5⤵
        Executes dropped EXE
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5472.exe
        8⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        8⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
        8⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        7⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        8⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
        7⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32193.exe
        7⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        7⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47336.exe
        6⤵
        
        PID:13944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        6⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2957.exe
        6⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        6⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        6⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47359.exe
        6⤵
        
        PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
        5⤵
        
        PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
      4⤵
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60398.exe
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        7⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        6⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25172.exe
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        6⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        5⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
        5⤵
        
        PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
        5⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39711.exe
        5⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18231.exe
        5⤵
        
        PID:14996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12802.exe
        5⤵
        
        PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
      4⤵
      PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
      4⤵
      PID:10820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
      4⤵
      PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51818.exe
      4⤵
      PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
      4⤵
      PID:17156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46437.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        5⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56558.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45665.exe
        8⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        7⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        7⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
        6⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26837.exe
        6⤵
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        5⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        5⤵
        
        PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        5⤵
        
        PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1598.exe
        5⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
        5⤵
        
        PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
      4⤵
      PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
      4⤵
      PID:10948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
      4⤵
      PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
      4⤵
      PID:8616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
    3⤵
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16727.exe
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31447.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        5⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
      4⤵
      PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
      4⤵
      PID:8764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
      4⤵
      PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        5⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35608.exe
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
      4⤵
      PID:7748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
    3⤵
    PID:8932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
    3⤵
    PID:9980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
    3⤵
    PID:5548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
      4⤵
      PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6205.exe
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12229.exe
        6⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        5⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13595.exe
        5⤵
        
        PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
        5⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46668.exe
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
      4⤵
      PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
      4⤵
      PID:7772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50021.exe
    3⤵
    PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        5⤵
        
        PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
      4⤵
      PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
      4⤵
      PID:5684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28027.exe
    3⤵
    PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
      4⤵
      PID:9672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
      4⤵
      PID:14328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
      4⤵
      PID:15772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
    3⤵
    PID:9808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
    3⤵
    PID:12360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
    3⤵
    PID:6388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 720
    3⤵
    - Program crash
    PID:2932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
    3⤵
    PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15120.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
        5⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
        5⤵
        
        PID:16636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
      4⤵
      PID:9776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
      4⤵
      PID:14460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
      4⤵
      PID:760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
    3⤵
    PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
      4⤵
      PID:15352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
      4⤵
      PID:15960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
    3⤵
    PID:10040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
    3⤵
    PID:12996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
    3⤵
    PID:1944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
  2⤵
  PID:5696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
    3⤵
    PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe
      4⤵
      PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
      4⤵
      PID:6812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
    3⤵
    PID:14276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
    3⤵
    PID:9548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
  2⤵
  PID:7424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30751.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30751.exe
  2⤵
  PID:10560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
  2⤵
  PID:14712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20020.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20020.exe
  2⤵
  PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3164 -ip 3164
1⤵
PID:3452

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15484

Network

DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

2.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.159.190.20.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

241.42.69.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.42.69.40.in-addr.arpa

IN PTR

Response
DNS

107.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.12.20.2.in-addr.arpa

IN PTR

Response

107.12.20.2.in-addr.arpa

IN PTR

a2-20-12-107deploystaticakamaitechnologiescom
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

2.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

241.42.69.40.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

241.42.69.40.in-addr.arpa
8.8.8.8:53

107.12.20.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

107.12.20.2.in-addr.arpa
8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

17.160.190.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe

Filesize
468KB

MD5
23769f79eaa2db948cfeda78beec72d5

SHA1
6e3585cb35c3c6d9ae800be84c06f9b8d07a4a98

SHA256
b75249dd7509462c69c3f634f7dabb9d760672fdf0e828af729b175dcdd744a7

SHA512
95dc7844c85635a478028a7bbbda7f30d2b29061b331a1a5e7cc7904c3e28d71477129ab24d2233eba0df1930052070e99592b79ffaac4d92c35374040896857

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe

Filesize
468KB

MD5
1e99f6159849e48bd67ddfc547949536

SHA1
b2bd3ad15ffb14bfee95d5e05b9b285d773c2ef7

SHA256
7b5a0024991b0b2a1de3b07e2d068cc03d733329f82c3f3b62bbeafb2dcdc469

SHA512
52c909027caf63c5e5e779190f78872bc6a39f5415336c71866a04c23276b99cd75fe0258b85a0edb31b42edf48c711538d2049bf9f42a0beb175c7ec18377ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe

Filesize
468KB

MD5
8bcf6b95318a416c06ee49a2c9a347af

SHA1
bbe21bee8128d1d931891dbe18435f937f104054

SHA256
a50c248a11c062f5a85018b5c608b837bb3cdde41a8e7f1e0db6a27bca495ee3

SHA512
ec59e3b5b505a04c00ff191cdb2d178e609e515c3d3261a8952638007b62e61d6def4828d99ca5fcb6179e07392200173fa02c47aff2f3bdd0063ddf85bf9681

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe

Filesize
468KB

MD5
193607b4a7a144d0551b13401e668aab

SHA1
2e86c15f8ae555671fadb70716fbab8af890b537

SHA256
c159132a77d107e23648ee8941ed2ee8593896693b1314c0913d1131e6b0c447

SHA512
6a6ea92c80a4727c1f30fc0b8ab6aa3a269b74564cf9d72ca208d3342048593a9c99b11300dd98ff84b1dd2855e12d17b131e88caead1ea36e1244b1f2a77d99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe

Filesize
468KB

MD5
9bc34e9d8307c11812e4ac242cc20729

SHA1
752ca9bfc2991bb7aa58e4066512d9eded1b1ca8

SHA256
961ad0f5ae03e5c05867b4417a79e6f05babb11dbc5885b0b502ecf3d8e40827

SHA512
4ffed7a99d77bf2c469b9ed4c158afd915d4f914967bba9df6cf1658ae20ae7c7e8c0e5c2f98d96a842dba81cc89d33747ac175621a9905d3247782dbab13ede

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe

Filesize
468KB

MD5
b5f78acdafd98fb917a141cc7ce28038

SHA1
f083d7d3bb2f461717cc41360abbbcb2b0e877eb

SHA256
cba9aa1e650cf62d3177cd214825d96d873f81110f96d906dc6ac67ba19a098d

SHA512
52038eb46df4b65976de8bb489a686d50aa1ab8e2ec08504563b7a450900dac111265cbb1ae1259191a6689a7ae1d500cf4c2dbb7aec5e87e27539243c3ca258

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe

Filesize
468KB

MD5
34bfae04536c2d7e5d7673a2417b1ad7

SHA1
2815a1ca42aaf37aba04189260a901f0be3a2739

SHA256
b87c6635f7cb9cedb98f30fc4d972190140b062915265ee7bd0c8feb0c4b5e1e

SHA512
1f2c3773c8f1c2336063cf481a45c4dd658177949bd761ee4a8ba79b49db764e068e0701bef38459ead78f886ceb80948d791184c657d0f4ab704700f8e4a5ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe

Filesize
468KB

MD5
14e12d78a8f1f82e8f8cff0646686354

SHA1
8b555f4c2616fce286fb2b8f0c025b9e9d898356

SHA256
d8280720db1bb0909c53a367e44ab1893c77bd66266bcfbb3017850224a714be

SHA512
505a11e7a19f6aee857ecf5d9a2a553e645a94f72eabc6d36afdb19380d7882747753863447b48b051f1fc07a58b0e0aa4c3b68e4f69dafc418dda3f4000f106

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe

Filesize
468KB

MD5
4fd6be23fb02e36f441faca76621be32

SHA1
72d704da65a9b6f9f873422529242e93e79ee428

SHA256
f0d24db8314f488419f7da6b7dcc57f4ab1f20f44f9bcc8e26b1e99cc03963e8

SHA512
31871a22eb24e08c0a424c4a5064764f7b49d63846246ce5028fee1ca7fa183e10e445d18f432f7c2586a4d6e9f9475f25b5e9b3a46d71de2ef603d58b5ddf7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33246.exe

Filesize
468KB

MD5
8aefd4fbcd4bff46236e2edd2a323645

SHA1
c85b1f5c30efc6311c3fd11ae4432d7de9a0af73

SHA256
25d3b9eb926d07470cced8c326ad33e657ea3557287ea64260344ebacc21d46b

SHA512
4de1fee2d4bcbd76e36d855a5a2a93cf06dcdd73d0857e5f632f589da137c35b2520c0870574c445c500446e78a3356e81b0ffc09e0c417f4273a1752069ec23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe

Filesize
468KB

MD5
bacdd93bb49b8587e6e4e9b6e864e70e

SHA1
cd7ab910caa932b2f3f2c798e46b17aee674cf3f

SHA256
8e23360e83032dfb48c328c9b3ba6e85da072a9352e4ce8d7bbb97b7a96a7fb0

SHA512
a0bbe918be44de354b0c42247a7f6ebf569e7aef347a97b253dc0e597def908355358cc916a3b4bf49384aee6725e7fe6080147f0da6a842d7ee246e2d39edd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37349.exe

Filesize
468KB

MD5
15903d5eae1779df7026fdd810e48b30

SHA1
491d94b8cac79b3f59a8ecba098a13af11aa711f

SHA256
12c30b12223086cde77db771a53a62783187926a96825e244c98f67200fed817

SHA512
dd312905432cd4d0c6dd9e101319c025be99956abcb96b7366eee8874fc9b2dd50f368b9ef0c45fc3255aa81105422c99a894772e7b465f8cfd3135ac0bbf6e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38148.exe

Filesize
468KB

MD5
a79ac43c8965766e4861927cd41e5719

SHA1
1bc332e08e4d233d6eb0fcf38b77b8bc7f374cc6

SHA256
3942e387bf7d5934c8bb10f3f2406448958f72dd374cbc60a574d5c48096088a

SHA512
72e4aef7ca2c142331a006fd5f024ffd13f9f7bcf30d6ba700c94e0947339dd936029a1bfaead665466d0695d5413d6dd89890fe2d04c2fb9d8781b63e32153e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe

Filesize
468KB

MD5
268edb6ad7ee259ff3f427de29decf5f

SHA1
5569532a3a2e27e299381edd04a9acf55ead3239

SHA256
aa8a6e5409cb770b507b7e10531084c154d5fe282280ed35b213b02bcde2f75d

SHA512
6ae62649725d4f3e52e9b34c83cb9ddc3f9479f325462f6d7feb5b5689332d36b37d7f7983c3b8829c19ffd482bd35295f653502abfce90c315b0977496e569e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe

Filesize
468KB

MD5
776853364aa87860d5f261c278161014

SHA1
15a39435645e378683208a3ea05bd7af569a0c41

SHA256
f65be998c73ab9a632dcdc32b32925a7be685712af0cd348d23ca1ce6c1d0fdb

SHA512
00ba8b66539b99f4ceaac6f4d9d606da22c7200f8487e94bf2b85431059b81b7fb42c4cc22a6bcab9a7c8ade69507f6bfde2ba4b8d9d1d63f568c0f756123cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe

Filesize
468KB

MD5
855b0e6c1366282dd78f2616b20f18ab

SHA1
d1dad97fd7907e6870ca9500f6bd636648818992

SHA256
b543d109ede8bdd94d459639474115d7aacaa5080fa82b814042f878593e2e19

SHA512
4644638c3cb25dc053a4c474b153421491731224ba8182202467e37ed87ca36c66354a6de741515bb5c940f60d6857703339ba38932b2cf55e49fed8d06d16b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe

Filesize
468KB

MD5
97a95ce409c9640ff6c7509a50207775

SHA1
d42db164ddec18e14fb349e652f0d0d7653140aa

SHA256
2954f9edfb927c4d8ceb4e1a491bcb0d0ff0f11edd08929267c8ce48b63a31aa

SHA512
94d2a9a609be1e349098fe47cf32cc1fb9648c5901d0c22b55806e7ff6334c6b1c413cbef1c8984161600806c2c911619e8592ff0aa08fe2ccd70b0165bb8628

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe

Filesize
468KB

MD5
c785a73cd2ec1faabdbc9902ffd17320

SHA1
09b595c9ec6568f154d61dad1036195168efe5f8

SHA256
1b4aae58067fffa114ffc5254568c892ca62063fe6a14fed7279c697f697c043

SHA512
21b6e6717ce1999a219207d02d2d89574fd9f4a2550475f8f749d0dba01fd6548f1c1162df19a1a8f494e4b7988773242badd75e6129a33248acb0ec79d80770

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe

Filesize
468KB

MD5
e94bd5801b47279542290db1d9dcebcd

SHA1
8963dcc39442e2ae5921a635bc27417c820429c9

SHA256
8d043a7f33a8c755805d6907877672435a9a38a2c8afd2458d0555c377a403b5

SHA512
4f316b6a90f91e31e6023d9d7e7eab003f937b2773e125682cb1ef006390d2cbe901d24881d1562f47feb4e3bcd6918b810dc19d4dfee4e033e1c393a1608142

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe

Filesize
468KB

MD5
1967cdf829b9d19064f83898c705a4e5

SHA1
a410dd438835c674de2615b0b408ca127aa66db1

SHA256
2118b9407e68b59c7c0015746611cc9b87705558a6fc3e2875ff88101fabb0fa

SHA512
f2b118ce934612c35234c669a18297e894cb2ff6a6173d45fffabb62cac03bbea08ae566c7428065e3a4c60d8baf2cc569ecf421e582eec53ee636aba8875fce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe

Filesize
468KB

MD5
fd5bcda13344546677a766207df5a477

SHA1
c935a127c2ffe0b17898eb330e4cd7b4a587c786

SHA256
a9fb11096085a5877cb24a1c6e1be4ba763127ff755862dc88059bfc9e30ec0f

SHA512
32231b8efa3ab0902b90178d062c3158d07ada1ebae8c5e5a45a4988677400c3092a78c904552fcbd03e5a22646fd044dd65baf4e62af8af9915c6b03461dc5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46437.exe

Filesize
468KB

MD5
87e74153bc88ce554a11221aa4b6a9fc

SHA1
ec484fd951176aaecf18379698e3dd6a4ce5b018

SHA256
c463326bb8bf16b37cd2e1906e70da82cfc0d4137681266483b0b87b42f0666d

SHA512
5cc697c8ac5fc8953540a4f48130001b748a7fc9204a571a106d5abae9a5c443ed764fc30f7d703aaeeb51e644ac780271d94cbd9c265b00e7ebba96044c087e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe

Filesize
468KB

MD5
2e1e362597ae14a477e6260e2ec691ca

SHA1
03df2494fb1099142138ee95e1ac4c490d192e4a

SHA256
6a22d50c4f532981c7e539424f75856f6340575ee6f35fbe8adcb62c1486c164

SHA512
7d182a2f0bc2b9cf95dff9b6e1e0395d823db4cf32238cc701b831e980a2a73d1598bf843a431604aeb0ed8c0d9d4458d7855697bfe3ecede39729d435205e2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe

Filesize
468KB

MD5
e1d1b035c4d13f310e48513f1143f5cc

SHA1
df453e7e5d41cc777b351c2ed3142c2d03be6cac

SHA256
4be25d517245aa3eed8335e3b1019e6a9a2ac9f268789e0f88e0f67acb66f33d

SHA512
62e5c48b9c5d94d4226c0bf625da0c03ad708f8719e6175af7baacd1678fba0b60f119c1b564f9cdca07a6ac8184ad3aa038bc4e0d3264932ae5cf61443c2492

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe

Filesize
468KB

MD5
01cd7510be47d66f420653cb996ec3c3

SHA1
164ac5088c0b79db319263470326ad15b38ca405

SHA256
5744a2ca4a2d82bb6096b9ed7491796e3bdc421d74522a9586401e63ebdfacd3

SHA512
7b052c8eb7495a5d13ecbad5517c21c0b570e9c9f0839e4a5e6918112ac9d468b185cb3f7c35aa8f4b45d337fd99394eea384c80ec127fc8b2ca52507f2458e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57822.exe

Filesize
468KB

MD5
913f596c8d401d34f3ba04100a3ac7f7

SHA1
0ee613429482aba08b1ed06e7244150570808736

SHA256
5f5112dd5aca9eb43bfbc179db28a1cf0fa7a28bf1a79e877e93b809c35fbc12

SHA512
462691fa31d5c1533368688326572730bfd68b788763509e5813b082a84ab0cf288fbb0be5be3356483d833a41cec699db570fa1729d5b98a8c4b667514c349e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe

Filesize
468KB

MD5
61ba17cd51a843891b91302e40db8115

SHA1
a95fc690b9414066a132d2408f4baffe57655033

SHA256
6f14f701c6629e233c6ee52609e111b15af6619336de0f81d95ead6d5ba01b34

SHA512
c9b2fc8ca64561e6fe656747382cad67b4557b8d2de1ef4bd103a3ac52bffc3d09847e418f4b277386fa15d99060070139b2eb71736e111b077420d2c511fbff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe

Filesize
468KB

MD5
8bc6afab1a187e3785f3c7c2f409f776

SHA1
c3ec7d112ccb96c440c02fb277fc0dd8977d7bb8

SHA256
5558d9168c771135028352d2f4b89000bf81d0f4675b1f70c1ea1c334920dbf0

SHA512
c9899f05c6e05934ab3f9585cae90d6416e7182b83a45e0c99aaa2df728c1b95a2aec274f1f29953d080ed3a4a7f9e79eb9b1b8cd33d0adf250f939a673d3362

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe

Filesize
468KB

MD5
36c2f141c4ed51d27bd477de719997c1

SHA1
bd845a918bc4d2caa717bd766c690f170d3036c3

SHA256
ce9cc39a754c2bb212c75da00669d1075c6cb48a51d2341b9ea8066d0fe60ad8

SHA512
aa2a7b06a4d9f080de032a2397c5af0f8c750c684e02cbaba5cc3791c2132ae9aa8fa11b9c4e81d55ece1bbdbf0cbd2c88226a911965c78bfa56375d9676777c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe

Filesize
468KB

MD5
c5c177e287964f176213c0c6f8d900bc

SHA1
41f4f8b4b3a7557fca4139827a4fd26a1905a752

SHA256
0c81a296fb6baebd56ae6c0e699275b53e3647c8f0a603fd4ecba4c3537a3160

SHA512
56dce5afa5e5b6f9d7cb602060cc248fbae5d85aaf5d205cbdf7e917dffba6f69a8b05b7b278df4a0195b6ad6e14db87ab4d6abb69d4ecd02bccbfb063b9df77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe

Filesize
468KB

MD5
6960c56b7d2f341f60149bf62e9189a0

SHA1
bb2a643145d57c5ca3fe3312ecad0d92af7b668f

SHA256
77a302f4b635eade01fc5b00e4d5600a84a753e454ba033c74d46d9882cbb984

SHA512
4fbba01a7f7eeb9f82a44eaf89ea3fb301efb43ce2e6e1799bcd553e7bae0f94bb14a03ef1e3acf7b55d3f63da8face1031d7f39875785584de87d5f7af9be50

Download Submit
memory/456-296-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/536-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/640-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/644-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/700-426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/764-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/808-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/968-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1000-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1028-139-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1168-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1376-465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1408-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1436-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1488-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1532-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1588-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1716-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1996-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2128-46-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2160-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2236-217-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2352-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2368-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2524-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2532-463-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2572-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2828-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2832-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2936-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3064-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3084-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3164-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3164-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3164-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3176-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3208-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3212-37-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3396-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3408-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3420-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3512-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3664-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3732-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3744-470-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3832-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3940-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3948-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3964-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3968-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3984-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3996-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4000-206-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4044-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4108-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4136-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4164-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4264-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4308-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4392-110-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4400-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4444-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4464-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4504-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4524-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4540-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4552-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4624-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4660-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4716-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4744-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4776-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4808-226-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4816-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5032-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5036-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5040-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5064-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5092-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5108-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5196-487-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5224-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5292-520-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5336-521-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5372-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5424-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5476-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5480-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5512-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5612-587-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5676-588-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5696-589-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15520-2530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15624-2528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.