b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682

Analysis

max time kernel
119s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe
Size

468KB
MD5

e582f255b351be0d47b83d0b5ea55ff0
SHA1

44185c97578cf12d8505c5aa78f3a458010c04bb
SHA256

b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682
SHA512

3e39c637dc3aaac958f266d4b3c1d1aaaa32f2f9a000f627525e63af78091ba86a012f558eb8b685c9f752ad04525a8c2bbd7a4ba818d6b1c8a63cc0b9ef2aad
SSDEEP

3072:13mCogWxjK8p2bxPPz/Czf8/EChbaDpo/pHBaVrq4Eh3AHiFDbm4:13roBzp2FPbCzfPdgL4EZmiFD

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4704	Unicorn-41021.exe
2184	Unicorn-26243.exe
3464	Unicorn-20112.exe
744	Unicorn-703.exe
3452	Unicorn-30038.exe
4000	Unicorn-49904.exe
1336	Unicorn-49639.exe
5092	Unicorn-28856.exe
3736	Unicorn-45747.exe
864	Unicorn-16412.exe
4768	Unicorn-53723.exe
4336	Unicorn-8051.exe
1484	Unicorn-60574.exe
1308	Unicorn-12135.exe
4048	Unicorn-51122.exe
3268	Unicorn-63604.exe
2512	Unicorn-47268.exe
1648	Unicorn-32777.exe
3196	Unicorn-24470.exe
1276	Unicorn-31700.exe
2912	Unicorn-27616.exe
3084	Unicorn-58242.exe
4996	Unicorn-64372.exe
3008	Unicorn-64372.exe
3716	Unicorn-36338.exe
1820	Unicorn-28170.exe
2104	Unicorn-36338.exe
2252	Unicorn-56204.exe
5080	Unicorn-22570.exe
1716	Unicorn-47771.exe
5064	Unicorn-61632.exe
804	Unicorn-33598.exe
4144	Unicorn-53464.exe
1964	Unicorn-51279.exe
940	Unicorn-58892.exe
2472	Unicorn-42291.exe
4944	Unicorn-1331.exe
4220	Unicorn-52570.exe
3336	Unicorn-46811.exe
3456	Unicorn-63147.exe
2044	Unicorn-37896.exe
1052	Unicorn-43132.exe
5072	Unicorn-62598.exe
4376	Unicorn-55000.exe
1588	Unicorn-15238.exe
2116	Unicorn-7143.exe
1388	Unicorn-64512.exe
2164	Unicorn-64512.exe
1816	Unicorn-19950.exe
4492	Unicorn-39816.exe
2924	Unicorn-19396.exe
4020	Unicorn-11227.exe
4876	Unicorn-6951.exe
2420	Unicorn-52068.exe
2504	Unicorn-41854.exe
1896	Unicorn-19758.exe
4276	Unicorn-33493.exe
2908	Unicorn-32202.exe
2312	Unicorn-41854.exe
1456	Unicorn-31224.exe
3756	Unicorn-48752.exe
868	Unicorn-52644.exe
3236	Unicorn-36862.exe
32	Unicorn-56536.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2788	3456	WerFault.exe	129
16084	15344	WerFault.exe	718

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16044.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16739.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4296	dwm.exe
Token: SeChangeNotifyPrivilege	4296	dwm.exe
Token: 33	4296	dwm.exe
Token: SeIncBasePriorityPrivilege	4296	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe
4704	Unicorn-41021.exe
2184	Unicorn-26243.exe
3464	Unicorn-20112.exe
744	Unicorn-703.exe
3452	Unicorn-30038.exe
4000	Unicorn-49904.exe
1336	Unicorn-49639.exe
5092	Unicorn-28856.exe
3736	Unicorn-45747.exe
864	Unicorn-16412.exe
4768	Unicorn-53723.exe
1308	Unicorn-12135.exe
4048	Unicorn-51122.exe
1484	Unicorn-60574.exe
4336	Unicorn-8051.exe
3268	Unicorn-63604.exe
2512	Unicorn-47268.exe
1648	Unicorn-32777.exe
3196	Unicorn-24470.exe
1276	Unicorn-31700.exe
3084	Unicorn-58242.exe
4996	Unicorn-64372.exe
3716	Unicorn-36338.exe
3008	Unicorn-64372.exe
2912	Unicorn-27616.exe
1716	Unicorn-47771.exe
5080	Unicorn-22570.exe
2252	Unicorn-56204.exe
2104	Unicorn-36338.exe
1820	Unicorn-28170.exe
5064	Unicorn-61632.exe
804	Unicorn-33598.exe
4144	Unicorn-53464.exe
940	Unicorn-58892.exe
2472	Unicorn-42291.exe
1964	Unicorn-51279.exe
4944	Unicorn-1331.exe
4220	Unicorn-52570.exe
3336	Unicorn-46811.exe
2044	Unicorn-37896.exe
3456	Unicorn-63147.exe
1052	Unicorn-43132.exe
5072	Unicorn-62598.exe
4376	Unicorn-55000.exe
1388	Unicorn-64512.exe
1588	Unicorn-15238.exe
2164	Unicorn-64512.exe
2116	Unicorn-7143.exe
1816	Unicorn-19950.exe
4492	Unicorn-39816.exe
2924	Unicorn-19396.exe
4020	Unicorn-11227.exe
2420	Unicorn-52068.exe
2504	Unicorn-41854.exe
2908	Unicorn-32202.exe
2312	Unicorn-41854.exe
1896	Unicorn-19758.exe
4276	Unicorn-33493.exe
1456	Unicorn-31224.exe
3756	Unicorn-48752.exe
868	Unicorn-52644.exe
4488	Unicorn-9565.exe
2876	Unicorn-15696.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 4704	220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe	82
PID 220 wrote to memory of 4704	220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe	82
PID 220 wrote to memory of 4704	220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe	82
PID 4704 wrote to memory of 2184	4704	Unicorn-41021.exe	87
PID 4704 wrote to memory of 2184	4704	Unicorn-41021.exe	87
PID 4704 wrote to memory of 2184	4704	Unicorn-41021.exe	87
PID 220 wrote to memory of 3464	220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe	88
PID 220 wrote to memory of 3464	220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe	88
PID 220 wrote to memory of 3464	220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe	88
PID 3464 wrote to memory of 744	3464	Unicorn-20112.exe	90
PID 3464 wrote to memory of 744	3464	Unicorn-20112.exe	90
PID 3464 wrote to memory of 744	3464	Unicorn-20112.exe	90
PID 4704 wrote to memory of 3452	4704	Unicorn-41021.exe	91
PID 4704 wrote to memory of 3452	4704	Unicorn-41021.exe	91
PID 4704 wrote to memory of 3452	4704	Unicorn-41021.exe	91
PID 2184 wrote to memory of 4000	2184	Unicorn-26243.exe	92
PID 2184 wrote to memory of 4000	2184	Unicorn-26243.exe	92
PID 2184 wrote to memory of 4000	2184	Unicorn-26243.exe	92
PID 220 wrote to memory of 1336	220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe	93
PID 220 wrote to memory of 1336	220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe	93
PID 220 wrote to memory of 1336	220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe	93
PID 744 wrote to memory of 5092	744	Unicorn-703.exe	96
PID 744 wrote to memory of 5092	744	Unicorn-703.exe	96
PID 744 wrote to memory of 5092	744	Unicorn-703.exe	96
PID 3464 wrote to memory of 3736	3464	Unicorn-20112.exe	97
PID 3464 wrote to memory of 3736	3464	Unicorn-20112.exe	97
PID 3464 wrote to memory of 3736	3464	Unicorn-20112.exe	97
PID 4000 wrote to memory of 864	4000	Unicorn-49904.exe	98
PID 4000 wrote to memory of 864	4000	Unicorn-49904.exe	98
PID 4000 wrote to memory of 864	4000	Unicorn-49904.exe	98
PID 2184 wrote to memory of 4768	2184	Unicorn-26243.exe	99
PID 2184 wrote to memory of 4768	2184	Unicorn-26243.exe	99
PID 2184 wrote to memory of 4768	2184	Unicorn-26243.exe	99
PID 1336 wrote to memory of 4336	1336	Unicorn-49639.exe	100
PID 1336 wrote to memory of 4336	1336	Unicorn-49639.exe	100
PID 1336 wrote to memory of 4336	1336	Unicorn-49639.exe	100
PID 220 wrote to memory of 1484	220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe	102
PID 220 wrote to memory of 1484	220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe	102
PID 220 wrote to memory of 1484	220	b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe	102
PID 3452 wrote to memory of 1308	3452	Unicorn-30038.exe	101
PID 3452 wrote to memory of 1308	3452	Unicorn-30038.exe	101
PID 3452 wrote to memory of 1308	3452	Unicorn-30038.exe	101
PID 4704 wrote to memory of 4048	4704	Unicorn-41021.exe	103
PID 4704 wrote to memory of 4048	4704	Unicorn-41021.exe	103
PID 4704 wrote to memory of 4048	4704	Unicorn-41021.exe	103
PID 5092 wrote to memory of 3268	5092	Unicorn-28856.exe	104
PID 5092 wrote to memory of 3268	5092	Unicorn-28856.exe	104
PID 5092 wrote to memory of 3268	5092	Unicorn-28856.exe	104
PID 3736 wrote to memory of 2512	3736	Unicorn-45747.exe	105
PID 3736 wrote to memory of 2512	3736	Unicorn-45747.exe	105
PID 3736 wrote to memory of 2512	3736	Unicorn-45747.exe	105
PID 3464 wrote to memory of 1648	3464	Unicorn-20112.exe	106
PID 3464 wrote to memory of 1648	3464	Unicorn-20112.exe	106
PID 3464 wrote to memory of 1648	3464	Unicorn-20112.exe	106
PID 744 wrote to memory of 3196	744	Unicorn-703.exe	107
PID 744 wrote to memory of 3196	744	Unicorn-703.exe	107
PID 744 wrote to memory of 3196	744	Unicorn-703.exe	107
PID 4768 wrote to memory of 1276	4768	Unicorn-53723.exe	108
PID 4768 wrote to memory of 1276	4768	Unicorn-53723.exe	108
PID 4768 wrote to memory of 1276	4768	Unicorn-53723.exe	108
PID 1308 wrote to memory of 2912	1308	Unicorn-12135.exe	109
PID 1308 wrote to memory of 2912	1308	Unicorn-12135.exe	109
PID 1308 wrote to memory of 2912	1308	Unicorn-12135.exe	109
PID 2184 wrote to memory of 3084	2184	Unicorn-26243.exe	112

C:\Users\Admin\AppData\Local\Temp\b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe
"C:\Users\Admin\AppData\Local\Temp\b428be7933061468513a1d4519b1da17ba8bb85f25bc7248bf9e32453f976682N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41316.exe
        7⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24736.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        9⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        9⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        8⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
        8⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        8⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        8⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        7⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        6⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        8⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        8⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        8⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        7⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
        7⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25623.exe
        6⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        7⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        6⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
        6⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
        6⤵
        Executes dropped EXE
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe
        9⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        9⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        9⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        8⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        8⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55135.exe
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        8⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        8⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
        7⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-963.exe
        8⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        8⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40410.exe
        8⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        7⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        7⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        7⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32557.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30870.exe
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32742.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        8⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        7⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        7⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        7⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        7⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50299.exe
        7⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60193.exe
        7⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63790.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
        6⤵
        
        PID:16228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        6⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
        5⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        6⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        6⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        6⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        5⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
        5⤵
        
        PID:16280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        9⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
        9⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
        9⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        8⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        8⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        8⤵
        
        PID:17332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        7⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
        8⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20417.exe
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
        8⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
        7⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        7⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
        6⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        8⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
        8⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28953.exe
        7⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        7⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        7⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        7⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        7⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        6⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 484
        6⤵
        Program crash
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19425.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        7⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
        7⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
        7⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        6⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        6⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47093.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
        5⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
        5⤵
        
        PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
        6⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23652.exe
        8⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        8⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64575.exe
        7⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        7⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        6⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
        5⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        7⤵
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        6⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35276.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        6⤵
        
        PID:16208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32243.exe
        6⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
        5⤵
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
        5⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        5⤵
        
        PID:8
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
        7⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        7⤵
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
        6⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39988.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        6⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
        5⤵
        
        PID:15888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        5⤵
        
        PID:17300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        6⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
        6⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        6⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
        6⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        5⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5897.exe
        5⤵
        
        PID:13788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
      4⤵
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46862.exe
        5⤵
        
        PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
      4⤵
      PID:14552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36676.exe
      4⤵
      PID:16752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58804.exe
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
        8⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        8⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        8⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41206.exe
        7⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        7⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        7⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        7⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        7⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        7⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        6⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19758.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3843.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        8⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        7⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        7⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17849.exe
        7⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23335.exe
        6⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
        6⤵
        
        PID:15800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        6⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
        5⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39634.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        6⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        6⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34855.exe
        5⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        6⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        6⤵
        
        PID:740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        5⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        5⤵
        
        PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        8⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        8⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        8⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        7⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe
        7⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
        6⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        6⤵
        
        PID:11224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        6⤵
        
        PID:14900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44367.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        7⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
        7⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        6⤵
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
        6⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
        5⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        6⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
        5⤵
        
        PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
        6⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        7⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        7⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24014.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
        6⤵
        
        PID:14304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        6⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60947.exe
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
        6⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
        5⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        5⤵
        
        PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
      4⤵
      PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        5⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        5⤵
        
        PID:15472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56109.exe
        5⤵
        
        PID:17316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
      4⤵
      PID:12092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
      4⤵
      PID:6044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64512.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6770.exe
        8⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        8⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        7⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39426.exe
        6⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        6⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
        7⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        7⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        6⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        6⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
        5⤵
        
        PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57699.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
        7⤵
        
        PID:16732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        5⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19678.exe
        5⤵
        
        PID:15600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        5⤵
        
        PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58156.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        6⤵
        
        PID:15784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40540.exe
        6⤵
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        5⤵
        
        PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26804.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
      4⤵
      PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
      4⤵
      PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe
      4⤵
      PID:16696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        5⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        7⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        6⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37931.exe
        6⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        5⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
      4⤵
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        6⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        6⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62933.exe
        6⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        5⤵
        
        PID:15116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18454.exe
        5⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        5⤵
        
        PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
      4⤵
      PID:12516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
      4⤵
      PID:16356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
      4⤵
      PID:5792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
      4⤵
      PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        6⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        6⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        6⤵
        
        PID:15312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        5⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe
        5⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        5⤵
        
        PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
      4⤵
      PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        5⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        5⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17849.exe
        5⤵
        
        PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
      4⤵
      PID:5928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
    3⤵
    PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        5⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        5⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        5⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
        5⤵
        
        PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
      4⤵
      PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
      4⤵
      PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
      4⤵
      PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
      4⤵
      PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
      4⤵
      PID:1764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
    3⤵
    PID:9276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
    3⤵
    PID:12164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40961.exe
    3⤵
    PID:16016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        9⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        10⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
        10⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
        10⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        9⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        9⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53229.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        8⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
        8⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        8⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        8⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        8⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12181.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
        7⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        7⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
        6⤵
        Executes dropped EXE
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47891.exe
        8⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        8⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        8⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27733.exe
        6⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        7⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
        7⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
        6⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
        6⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        9⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
        9⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        8⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        8⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        8⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        8⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        7⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13036.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe
        8⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        8⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28777.exe
        7⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        7⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46862.exe
        6⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        7⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe
        6⤵
        
        PID:15340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38884.exe
        6⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        7⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        7⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        6⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48908.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        6⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
        6⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48276.exe
        5⤵
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24470.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
        6⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
        7⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47372.exe
        8⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        7⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        7⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        7⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        6⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21450.exe
        5⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        7⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        7⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
        7⤵
        
        PID:16724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        6⤵
        
        PID:14132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        6⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        6⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe
        6⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
        5⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
        5⤵
        
        PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52570.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        5⤵
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
        8⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        7⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        6⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62240.exe
        7⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        7⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
        7⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        6⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        5⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        6⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        6⤵
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59233.exe
        6⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
        5⤵
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63590.exe
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        5⤵
        
        PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16546.exe
      4⤵
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48280.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        6⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        6⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24933.exe
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        5⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        5⤵
        
        PID:15772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
      4⤵
      PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48276.exe
      4⤵
      PID:1244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        8⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        8⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        7⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        7⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6022.exe
        6⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        7⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        7⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
        7⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        6⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        5⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        7⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        6⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
        6⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
        6⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
        6⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35385.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        5⤵
        
        PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51279.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        7⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        7⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
        6⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        6⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        6⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28797.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        6⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        5⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3393.exe
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        5⤵
        
        PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe
      4⤵
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        6⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39988.exe
        7⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9456.exe
        7⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        6⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        6⤵
        
        PID:16704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6806.exe
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
        5⤵
        
        PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25623.exe
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        5⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
        6⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
        5⤵
        
        PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
      4⤵
      PID:12396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      4⤵
      PID:16148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        5⤵
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        7⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55202.exe
        7⤵
        
        PID:15344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15344 -s 472
        8⤵
        Program crash
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        7⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        6⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53229.exe
        6⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18953.exe
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
        5⤵
        
        PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
      4⤵
      PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        6⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        5⤵
        
        PID:12100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
        5⤵
        
        PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15638.exe
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        5⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
        5⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
        5⤵
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
      4⤵
      PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
      4⤵
      PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
      4⤵
      PID:14604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
      4⤵
      Executes dropped EXE
      PID:32
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        7⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48047.exe
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        6⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
        5⤵
        
        PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        5⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        5⤵
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6701.exe
      4⤵
      PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
      4⤵
      PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
      4⤵
      PID:5440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
    3⤵
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
      4⤵
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46604.exe
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57367.exe
        5⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        5⤵
        
        PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
      4⤵
      PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        5⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        5⤵
        
        PID:8884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
      4⤵
      PID:10884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
      4⤵
      PID:6084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
    3⤵
    PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
      4⤵
      PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
      4⤵
      PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
      4⤵
      PID:15008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
      4⤵
      PID:17364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
    3⤵
    PID:8736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
    3⤵
    PID:6028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26324.exe
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        7⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        7⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        7⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        7⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2810.exe
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
        7⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        6⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        6⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
        6⤵
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
        6⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31872.exe
        7⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
        7⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        7⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        6⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7958.exe
        5⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        6⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        6⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5643.exe
        6⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
        5⤵
        
        PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
      4⤵
      PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63776.exe
        5⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35112.exe
        5⤵
        
        PID:15356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
      4⤵
      PID:10788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
      4⤵
      PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
      4⤵
      PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11227.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        6⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        6⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
        6⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55135.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
        6⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        5⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        5⤵
        
        PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60895.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11243.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        6⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
        5⤵
        
        PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
      4⤵
      PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
      4⤵
      PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
      4⤵
      PID:6748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        6⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
        5⤵
        
        PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        5⤵
        
        PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
      4⤵
      PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
      4⤵
      PID:17380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
    3⤵
    PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
      4⤵
      PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
      4⤵
      PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
      4⤵
      PID:3976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
    3⤵
    PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
      4⤵
      PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
    3⤵
    PID:10416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:15084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3160.exe
    3⤵
    PID:15348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64512.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37912.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        7⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63458.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18855.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        6⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        6⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        6⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        5⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
      4⤵
      PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        5⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        6⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
        6⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        5⤵
        
        PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
      4⤵
      PID:12000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
      4⤵
      PID:6052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19950.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5643.exe
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
      4⤵
      PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61716.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
      4⤵
      PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
      4⤵
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
    3⤵
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
      4⤵
      PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
      4⤵
      PID:11548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
      4⤵
      PID:15756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
      4⤵
      PID:1240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9381.exe
    3⤵
    PID:8752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
    3⤵
    PID:12136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
    3⤵
    PID:14468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        5⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
        5⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16701.exe
        5⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        5⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        5⤵
        
        PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
      4⤵
      PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
      4⤵
      PID:16260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
    3⤵
    PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
      4⤵
      PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
        5⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
      4⤵
      PID:11356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
      4⤵
      PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
    3⤵
    PID:8712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
    3⤵
    PID:11940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
    3⤵
    PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
      4⤵
      PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
      4⤵
      PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25349.exe
      4⤵
      PID:15628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
    3⤵
    PID:6380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
    3⤵
    PID:10688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
    3⤵
    PID:14636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
    3⤵
    PID:5252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
  2⤵
  PID:6124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50688.exe
    3⤵
    PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
      4⤵
      PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
      4⤵
      PID:16220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
    3⤵
    PID:10472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-189.exe
    3⤵
    PID:14316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
    3⤵
    PID:5336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
  2⤵
  PID:8080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe
  2⤵
  PID:10252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
  2⤵
  PID:15240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
  2⤵
  PID:17388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3456 -ip 3456
1⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 15344 -ip 15344
1⤵
PID:15884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 11236 -ip 11236
1⤵
PID:15912

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe

Filesize
468KB

MD5
be14285fc86b6e278965ff1085020b8c

SHA1
12793fd34db210d7e24b9f40089f276ac25bfee8

SHA256
939948da2059935671afa5ad628be76e2404ec096b8cad9edfe0a8ad8b71fea1

SHA512
61764f417f93a66694254697296736711cc44dd6edaf2de0f0aa95c2f830500814a5806a07b078e4c5df7b42f1b3e359de4483161f802c62ced0c805a7fffe80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe

Filesize
468KB

MD5
8c5c6c66d61daa579d02c8f39fbc9f19

SHA1
88511580ad336ecf3640298f04bc5b86b1ce97c9

SHA256
ed058a9bed64f326b896aa31cedc76ce65fce58ade979a859631ea1c222d1224

SHA512
9f030213151493f2059372e0580e2b005a245953f77ecdbe61ce136b1f6d82a1a8fd6db67207f0f036e3b5445f8229ad786eff7a099d48d5d1bc40426a68859f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe

Filesize
468KB

MD5
c39b4cf25028783a0d1b3d97136e0cbd

SHA1
27ad519c987527db0c83781e76f6c50d2502c8e1

SHA256
6cacaa3aaefccd7fe35563e135891787ca25bed77c764c2e0c0fd85d2f91fe3f

SHA512
0616e5415c41f28b9b422f241f04673731efa4e1db6946efda18652f54629dbb6cd871b8b41520a55b2a7e470daa8cae68ca65204eb618481f57b730d7b0f198

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe

Filesize
468KB

MD5
f9a5575ae5241fcc770a5e3e7c0b9aa3

SHA1
972655a1414c210aca05f0ea0aa11b4c74a6cd28

SHA256
21ab56c2e0313987b029adf543ff6f556b3eaaec9749d5dfaa09eabbbec7ad3a

SHA512
a2e0ea0fa19a63b1918becc46039ecb7a6729af66b03c4811d1476b50f77b0d1760f9c554d94a54796355a966e42e087983f348d1aa70085f6a448e29486bde1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe

Filesize
468KB

MD5
dd371c739b51f594d0d3872ab52e6707

SHA1
51d2db83450c4aa45ba1e5e4fc521d83367ea804

SHA256
7b052a3c59a296587251c9c8bfc7cfbe3d2b99f345d3c8ae1202ce8e6d5081a0

SHA512
6774b5fe94a711c43ce755f7cfd8b2a13d42c308d599deca9e6ccd1b8d0c3049e9fce1d4fc691b8a4210afa0a5d43b65f674c219811a07dbfe32e156e1b3b27d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24470.exe

Filesize
468KB

MD5
defdde5ec4efc83afa2db1e1ad808e0e

SHA1
e717be74b3db108d27294b4107bb66ed7dfc42f2

SHA256
95d2a4882a7cd1adee2de121569f9297c592175e7178f99de10de1602f861457

SHA512
e04c342834ec2ab10aac6132ab1e6fda266d420efe25e76cddc60e818007948e33d7ab5b0a44c4a2899b4e9391618603dfbb4da4b5de89430365c8eaac5feb1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe

Filesize
468KB

MD5
64f16d7440c2ba32354be399116cd6f4

SHA1
e6c673f3b0af95c352e4aaceca838b67c8066fe6

SHA256
a1edb3ce331ff52c7c255a6402a48c814ca2dca6e77c38e878a076440ffa56d0

SHA512
47567fcee6f7b69968ce09dc3f746e995ab5dfea7b5301d135934dada4ecc6faea195ec3ba80541346dfb4bb431d73505f39072f569cebcf932bd238566606b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe

Filesize
468KB

MD5
ceaaab03bcaf46d414497b6d985727ee

SHA1
4106a611c8d8222e4d5936e27a192f1852ff3c2d

SHA256
ca40c9ab76e771a093497e9c70e6beaa5257ac9eff7ed93bd923d604c9f50a14

SHA512
5272f9ed75f69c48d1b92e8f4035b9279eba55bc070a5ff74734414461e2b8ca5b8b44d64c66f998a8bc49f71f0f5fc7007da64db9977a464adbba5218e375ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe

Filesize
468KB

MD5
819cf5afcf4d69fa11512a6bc75c96a1

SHA1
18ee21dc8497ab0c8a6082457126ae66816f949b

SHA256
92b646a24b0431716996ad9e6617e6acbcb7febc3e9aa29ab4ff61b92c438cf0

SHA512
57fc6315e1bc00ae828a0e005e63b386fdfef9b4f061521d9cc1705ba4a000e43566ae59554dd50ee57b2686b2b87e9b49892a61ac5f3bb8f5ea0e16aa537abd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe

Filesize
468KB

MD5
44335843dac397dbad431ec63d1fc398

SHA1
499b7b7edf61bd8f0a37e14cb173a84628c2505c

SHA256
320821668e7f886eef9dd27fd2e511dd1bcc0d079aca624903f9ee9343166ec1

SHA512
01a660f2479fb6ee3140c1aa82741109833d88249ce23f36b24f9c86b00240c6399723bc0e78493c3bed0cd6e7c567df6d47ed2a04f217f33155477b80e952d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe

Filesize
468KB

MD5
b489c545c34c428b5eae5775df3ff1a8

SHA1
285c39ac46b6f648971c3cc604e9c7f2ddcbc6ad

SHA256
149c7c8d3169f40924358b773613da80faa73080692f6122f64ed24e428d8916

SHA512
c71a540ef9928a9c4f7fe53dee56c14bf609905750717a20f84bb0aa05184f0e3107bf570e4e73a1476bdf0f03db90fe7534c135405d099b5f3922b99a59c2e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe

Filesize
468KB

MD5
4a2eaae6e3ca703e30c4a34736963a4f

SHA1
0147bff9c88a7753f1382936d4ff3beb547b17ef

SHA256
14bb4d6c9382be1a720202bba6cfbe021fbb81a1988c788a2634bb67e70d19ef

SHA512
9e8bdcc37eb857799b622daa73b87c761662f9dc2495ea4dd918079b71004975c196a97e86df777261da7f2bdc274be5d971f2cf64f685188ad534ced74d89a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe

Filesize
468KB

MD5
1c0007bc6be465b976eb6ffb3695daa2

SHA1
0056834c3a80c2cc548d220515c4278510f3c6dd

SHA256
231951a098a8c83ba6da9636a54dc0f4fa08c503c6cefd2a5177a8e2ddce4c08

SHA512
e73754ed62a1f10d7d4f77d136f7c4cd559344b86c95ecfffd03b404b75b6bfe8de847f3806695e5984060f57cba20b0a343f75894c55eec05b84e84f7e2939c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe

Filesize
468KB

MD5
0e2de3fbaef68f7acb8179ab4a2144e3

SHA1
0029182478bc412b5f90dc2bbc607fc31004b723

SHA256
d5255fcfd3aaca6695f58102e519125b2a459e79ed7aafe3022a8c6bafc281c8

SHA512
65dd662d506ed0959747402fbbf4b655080266208c9e6af00071d42a1c58ddbf5b83d86ac5700393369906f13671e0fd21620dd8d05d4123f5a50fc4d0d68cad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe

Filesize
468KB

MD5
e17f2e24f661acd0c55d01aaf1c134e5

SHA1
068f2fe1ce0555da18d0cdbd6ce6eadafe78ab99

SHA256
d7a4a14e42c35938df7a2062405948e0f5d290d16a25fc96412b629a123bc1fe

SHA512
fb7697f8dfaeb770fd8e31a536d3033b2adbdef7a28f22fc02ecf8ebbe18f8f392299fda3620aeab5bcb1ff8aee76ea8d8218d516997b331a07593bed6120d40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe

Filesize
468KB

MD5
a608b96b48bdf4bd6e041ce5e21592da

SHA1
cf120eda0a3df0b969a6ecd9039b042569beb504

SHA256
5f4fecb4a74341cc2386c26750fc8a97e40cbb5bcf1f3026763e09aed081ddfb

SHA512
2060a6632d8b453ce23b7ee2d4e4f4f08eb7b932d2a88bc921a3469ee3c4af9b59937b85961204bb3c1a446257ce69431d1bf622b31b7d0f3b1a607a653b1e1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe

Filesize
468KB

MD5
5a7d8921a4cc23acd58de847033545e4

SHA1
e6b140df8f5a0ea2241a0146a53c9671f7349d5a

SHA256
5f5fa762893716ab63aec489d93699a423876eb7002d02b5c0d9f17c1f98b768

SHA512
bf232a10b95b51abb2b2c1f116cf6fc73ca5aaf58c256b558d01ddc10b7dc6d8bdb02ab2f287df6f1e945f7acef16c6612d9268b7833dab626bb27cc86142cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe

Filesize
468KB

MD5
b78c8ca8a8f15d84042442df9166a77f

SHA1
1e93bc500b6a9301e7daba2e734a4a5edee12ac3

SHA256
bcf5d858f61e484d6975db72e1d6574d851267405a1967dd9135800d0c19a198

SHA512
ca9d53334c3f47388ed140d67f30190b5923ab6b6979df613a8da0ed7256588e1f98c89748b0a2b3800e764f8815d787dea6c34340784ebf807927358b09b823

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe

Filesize
468KB

MD5
5386fbadf7b8de880b4321afd4a98d14

SHA1
e275197017f87f3f5f9dd62fa2281e59f7791aee

SHA256
31a207a57d92eec2e1282b9f0b1bbb4bfd9dff5274985e1dc3917e15e0038389

SHA512
5ee92fdffd7d0de58183c9fcce86c06accfed0d134c43ba99804e97d17edf0da03aa40915b71799bdc412e4510b76b5796382f0e0c74eac7e31ff7d4b222dc13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe

Filesize
468KB

MD5
06ea401e025bb3bbafe800e597fb692f

SHA1
d7f670ed7573f656626a6cb3c95b5a982b060aee

SHA256
df41d5cd5738d6a5c483f5ad9ad2cab249da09f29ed0b8bd8a862775d407fc9c

SHA512
e1740b82e32978c3b425a970f43bf6ba0f287e32881e65fb5bc50217a17afbbebbc1c8bed0b8308af06d1404c7452ea1c2ba466928afc12db122f09de1ca9563

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe

Filesize
468KB

MD5
efe6f593616d4f3a7c03ecd6a7f4bb59

SHA1
e3cdf95a704addc8dd45db2e1ec0dec7013728b0

SHA256
4b3cb04f4c0c204cd1e15cf8716c2bdcf3e9b1e1d0b58934ca825d8987e5a9d0

SHA512
bc6e11932b17900a3aec49039aa38c177488c7f46810acb756d4cf2677d7d1ee1d587fd7ff61af72c21a08ec49edf0e648d656866758dff92762b099f6cd29ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe

Filesize
468KB

MD5
2aa8c3791147de72be81bfc3a39e56da

SHA1
4aa9ffb129c5274f6adb020ef46db499f9f55e91

SHA256
fdf3c44916a7f59e10bf3836745e60f66a489f78df819bbeb08095e0336c3860

SHA512
48555872c77889e7b428af3e2a415a6430e4f96a7e3ca3ae0b9faa59f1f1b41fa02f0a88c398f502b92371f38b6d738a48c8f516e726d3c24af64661aeb186f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe

Filesize
468KB

MD5
8a724a6949e1b4b8ec9d503dd3bc198e

SHA1
d7afb3c5254479a79f76e26e4b80edb135f19404

SHA256
2f7eb3ccdc0c9404e557742ff4a32708d56d2e8b6b5807daf633f8b71d6f0383

SHA512
af90dae69ef2b9e12ea9e57aafa77613d3a6bca998e314ac40a36dedd45bc1a68983e1b7df043737f483fed67fb135c9c1625d3bbc96c6929db58fb35521da87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe

Filesize
468KB

MD5
32dc9da2b92fb505ecb44d9226f9e403

SHA1
259fc24ca1a232a7b88972979661cc7739c9beae

SHA256
400da19cc41b9021e291eba2bf97690918000f5b9d58e3287937104cc39febfd

SHA512
a72b16388cbc7ff0744fc8d7dce19010b54aba3fbbdb96c683be404cbf08d2091670815dbf199fa91ca3f76eb27a0c76bcce86834b63b67e4e50423acabef20c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe

Filesize
468KB

MD5
ffa6f5207dbacf55be187e30cb22d4f7

SHA1
5ea5fe6229a6ef5f621046167d995c510dc942d2

SHA256
ac5990e807f5a3b29ca6ee58bb2e31abd5bbcf3b78e7a05efd36a125fd9c3bed

SHA512
16e09d0d7c49bca1dc75fb54969d7e6cc1c7e86fe905f1d086cbbd3649f6c453ea8f963da932b8c0039c92d2dcf4b86a8fe45d4656d570a2e34b7f12ea5a6d80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe

Filesize
468KB

MD5
d27551ca6dc248935ed534dd53c780ba

SHA1
a420f4c45202424b89c7b10e94d8d38ec77e6598

SHA256
0e2164b2fd3ca4ca37666f23124118da6fed8c10505f9c1dca74bfeed0f3b1f4

SHA512
24508d747c5b213aa505d2cb69e0d712868c9eb1bd7aa8f98a2582973afbad4055e7b8a4d824fd076005d6101482770740d2d64502acb736f6feafe81700ba96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe

Filesize
468KB

MD5
ca6a56f8682a8f0848a423af413e4e18

SHA1
b52c3ef4a8a3c0bfb2538df1134b30add6f44dac

SHA256
eda5d1c37021fec610e670b765256a1043d40de0d6fff51ad1331b4b54de9133

SHA512
2b8eb3ce9a58bdc6cde005d53d3e6def62d4bc87da77903ac4c9d25414b736714a928d752b1dc1bb5384a4abdf776e45063eb88b40503c4077fa84c4f59f70a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe

Filesize
468KB

MD5
03c7764c62398ce5846ad295b3553127

SHA1
095dcd7fc590b1c0dc0330017621fd817db33c8a

SHA256
f330b94d64f32a6d5bb058395f1147d3f28824a818e6a7f42d1a7cf89e4c5061

SHA512
4705272d93fe8384bcd3d0797852d3b94b1596d822774604f4ff85b6d7e76d963f7cd1c4c1d0b99c89614dda72e46c10e5beff084377cfac3d437fb6544edee4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe

Filesize
468KB

MD5
f99512878af57c3353935f492f3a4696

SHA1
aad4b77ff78885ea23f768181f2ea1426b586623

SHA256
86564e16e3a6397198cd9709b7b4c9c9644b1153b4ef72298b1d15b451b93bdb

SHA512
d0011e73043190195d8d1f9aae94b5be40a5eea42365750edb2cebdd3e2bc60da2279d5d873266bae0b8e0cf2179395d960c1c7bdd8e96a83140c72ef701ebd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe

Filesize
468KB

MD5
4272ad92922543dbb2aa5c22f58fcb07

SHA1
05d468ad5a494a51b42d3e13c91be29a9d9fdf27

SHA256
200e7ced94bd2ab88853a92e91c647c864434d92bfe31c2c2f596f45f940d713

SHA512
8d1e13903c220ee7129d88442543ec26cf6cb5af112627e4393f325f1b1e11a7b05af020f51cd4524410ce2d93ec3147b7c3217e323bbc148814b02e2657473d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe

Filesize
468KB

MD5
231c06bf795529f2fbecf0deed0ee97c

SHA1
7a85641079a4cb7731e7b6a3f8ef476c5e7bff12

SHA256
207b1a435a1a0e0c42d8d89b6611eede2284140bbfb6f67abd7d21a272c83219

SHA512
f66967ad8576ecf0508eb19649e5b487132853b4ea93522ef425861df6a371d73d9f28a881f6317955ad90cf1142c19a90d3475178b73b7590630be386b9de25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe

Filesize
468KB

MD5
2389ccb172b0a4dd4b0bd970683b8b69

SHA1
39b4d41fd636dd7c44d316f353a57a1946733c3d

SHA256
d3a32b9963553e342ec642730816c31f7818e5945d8c73f3f1c567d6bfe8ee11

SHA512
a5a449ad4e0cf3d2cd550c797adbb1f960bca9d83dd8510b1414f7a853d73a455748170c29cedcfb961c8e1f0f38d1c8a37efca859e4c7fe3fdd39a5a754a5b4

Download Submit
memory/32-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/220-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/384-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/400-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/744-29-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/804-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/816-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/864-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/868-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/940-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1052-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1192-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1268-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1276-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1280-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1308-101-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1336-49-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1376-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1388-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1456-351-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1484-102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1588-288-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1648-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1716-194-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1816-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1820-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1896-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2044-264-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2116-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2184-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2420-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2472-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2912-147-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2924-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2932-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3084-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3196-134-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3236-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3256-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3268-113-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3296-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3336-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3340-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3452-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3456-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3456-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3464-20-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3716-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3736-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3756-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4000-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4020-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4024-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4080-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4144-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4220-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4264-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4276-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4284-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4316-453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4328-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4336-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4376-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4488-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4704-8-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4768-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4876-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4892-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4944-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4996-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5064-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5072-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5080-193-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5092-58-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5160-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5200-485-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5272-498-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5280-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5304-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5316-543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-544-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5372-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5384-547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5412-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5484-570-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5628-548-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5644-549-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5720-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15796-2852-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15800-2513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads