2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1

Analysis

max time kernel
120s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe
Size

468KB
MD5

88bfb0f39d410302d0a16bbcf6ad0850
SHA1

33e33a260a3c0c0f8d92dfa561607164d958e9be
SHA256

2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1
SHA512

a2daa9f2f0c2e59724345550e8769fcae87ee51ee64a1d53f4fee1ad2ea759aa145f0d7cf16f69dfb8878b958446228b2027f6c082bb575ca40451668349ede9
SSDEEP

3072:P4ciogxxj28U2bYWPa37qf8/ECqjyIpdymHxw/HWCxy+JMkVVNlU:P4ZoqXU29PQ7qfG01fCxVKkVV

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4740	Unicorn-4484.exe
5036	Unicorn-58812.exe
3256	Unicorn-11235.exe
3660	Unicorn-16156.exe
3124	Unicorn-34115.exe
1432	Unicorn-29093.exe
4104	Unicorn-22962.exe
1544	Unicorn-24573.exe
3528	Unicorn-623.exe
2348	Unicorn-68.exe
1176	Unicorn-59475.exe
536	Unicorn-53353.exe
432	Unicorn-57800.exe
3960	Unicorn-11863.exe
1564	Unicorn-23503.exe
2652	Unicorn-9435.exe
3516	Unicorn-62336.exe
4360	Unicorn-10120.exe
4156	Unicorn-8978.exe
1268	Unicorn-42985.exe
2832	Unicorn-23119.exe
4904	Unicorn-36855.exe
2820	Unicorn-49892.exe
5072	Unicorn-58367.exe
1476	Unicorn-16050.exe
4404	Unicorn-59684.exe
1304	Unicorn-55600.exe
4320	Unicorn-59129.exe
3748	Unicorn-12616.exe
4840	Unicorn-31182.exe
4616	Unicorn-24677.exe
1340	Unicorn-44775.exe
4368	Unicorn-41567.exe
3192	Unicorn-36929.exe
3668	Unicorn-28761.exe
4532	Unicorn-55164.exe
1288	Unicorn-55164.exe
1596	Unicorn-12123.exe
2340	Unicorn-1330.exe
2480	Unicorn-14344.exe
4612	Unicorn-30608.exe
1040	Unicorn-5984.exe
4340	Unicorn-5984.exe
4940	Unicorn-26405.exe
1396	Unicorn-42933.exe
2956	Unicorn-58947.exe
820	Unicorn-13275.exe
3132	Unicorn-59269.exe
3664	Unicorn-33803.exe
3708	Unicorn-59269.exe
3084	Unicorn-51101.exe
1636	Unicorn-40887.exe
3844	Unicorn-39626.exe
5076	Unicorn-25890.exe
5028	Unicorn-43295.exe
4476	Unicorn-65199.exe
3524	Unicorn-5527.exe
4372	Unicorn-46332.exe
4984	Unicorn-39233.exe
3208	Unicorn-39233.exe
3016	Unicorn-13394.exe
628	Unicorn-47401.exe
4960	Unicorn-8423.exe
4456	Unicorn-20675.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
6624	3048	WerFault.exe	166
6704	7880	WerFault.exe	314
16628	6056	WerFault.exe	212
17872	536	WerFault.exe	99
17908	5652	WerFault.exe	243
17900	6624	WerFault.exe	349
8152	6624	WerFault.exe	349
8112	536	WerFault.exe	99
8076	5652	WerFault.exe	243

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3927.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57788.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1368	dwm.exe
Token: SeChangeNotifyPrivilege	1368	dwm.exe
Token: 33	1368	dwm.exe
Token: SeIncBasePriorityPrivilege	1368	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe
4740	Unicorn-4484.exe
5036	Unicorn-58812.exe
3256	Unicorn-11235.exe
3660	Unicorn-16156.exe
3124	Unicorn-34115.exe
1432	Unicorn-29093.exe
4104	Unicorn-22962.exe
3528	Unicorn-623.exe
1544	Unicorn-24573.exe
1176	Unicorn-59475.exe
2348	Unicorn-68.exe
536	Unicorn-53353.exe
432	Unicorn-57800.exe
3960	Unicorn-11863.exe
1564	Unicorn-23503.exe
2652	Unicorn-9435.exe
3516	Unicorn-62336.exe
4360	Unicorn-10120.exe
4156	Unicorn-8978.exe
4904	Unicorn-36855.exe
2820	Unicorn-49892.exe
1476	Unicorn-16050.exe
1268	Unicorn-42985.exe
5072	Unicorn-58367.exe
4320	Unicorn-59129.exe
2832	Unicorn-23119.exe
4404	Unicorn-59684.exe
1304	Unicorn-55600.exe
3748	Unicorn-12616.exe
4840	Unicorn-31182.exe
4616	Unicorn-24677.exe
1340	Unicorn-44775.exe
4368	Unicorn-41567.exe
3192	Unicorn-36929.exe
1288	Unicorn-55164.exe
3668	Unicorn-28761.exe
4532	Unicorn-55164.exe
1596	Unicorn-12123.exe
2340	Unicorn-1330.exe
2480	Unicorn-14344.exe
4612	Unicorn-30608.exe
1040	Unicorn-5984.exe
4340	Unicorn-5984.exe
4940	Unicorn-26405.exe
2956	Unicorn-58947.exe
3708	Unicorn-59269.exe
3664	Unicorn-33803.exe
1396	Unicorn-42933.exe
3132	Unicorn-59269.exe
820	Unicorn-13275.exe
1636	Unicorn-40887.exe
3084	Unicorn-51101.exe
3844	Unicorn-39626.exe
5076	Unicorn-25890.exe
3524	Unicorn-5527.exe
4476	Unicorn-65199.exe
5028	Unicorn-43295.exe
4984	Unicorn-39233.exe
628	Unicorn-47401.exe
3016	Unicorn-13394.exe
4372	Unicorn-46332.exe
3208	Unicorn-39233.exe
4960	Unicorn-8423.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 4740	2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe	82
PID 2804 wrote to memory of 4740	2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe	82
PID 2804 wrote to memory of 4740	2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe	82
PID 4740 wrote to memory of 5036	4740	Unicorn-4484.exe	85
PID 4740 wrote to memory of 5036	4740	Unicorn-4484.exe	85
PID 4740 wrote to memory of 5036	4740	Unicorn-4484.exe	85
PID 2804 wrote to memory of 3256	2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe	86
PID 2804 wrote to memory of 3256	2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe	86
PID 2804 wrote to memory of 3256	2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe	86
PID 5036 wrote to memory of 3660	5036	Unicorn-58812.exe	89
PID 5036 wrote to memory of 3660	5036	Unicorn-58812.exe	89
PID 5036 wrote to memory of 3660	5036	Unicorn-58812.exe	89
PID 4740 wrote to memory of 3124	4740	Unicorn-4484.exe	90
PID 4740 wrote to memory of 3124	4740	Unicorn-4484.exe	90
PID 4740 wrote to memory of 3124	4740	Unicorn-4484.exe	90
PID 3256 wrote to memory of 1432	3256	Unicorn-11235.exe	91
PID 3256 wrote to memory of 1432	3256	Unicorn-11235.exe	91
PID 3256 wrote to memory of 1432	3256	Unicorn-11235.exe	91
PID 2804 wrote to memory of 4104	2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe	92
PID 2804 wrote to memory of 4104	2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe	92
PID 2804 wrote to memory of 4104	2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe	92
PID 3660 wrote to memory of 1544	3660	Unicorn-16156.exe	94
PID 3660 wrote to memory of 1544	3660	Unicorn-16156.exe	94
PID 3660 wrote to memory of 1544	3660	Unicorn-16156.exe	94
PID 5036 wrote to memory of 3528	5036	Unicorn-58812.exe	95
PID 5036 wrote to memory of 3528	5036	Unicorn-58812.exe	95
PID 5036 wrote to memory of 3528	5036	Unicorn-58812.exe	95
PID 3124 wrote to memory of 2348	3124	Unicorn-34115.exe	96
PID 3124 wrote to memory of 2348	3124	Unicorn-34115.exe	96
PID 3124 wrote to memory of 2348	3124	Unicorn-34115.exe	96
PID 4740 wrote to memory of 1176	4740	Unicorn-4484.exe	97
PID 4740 wrote to memory of 1176	4740	Unicorn-4484.exe	97
PID 4740 wrote to memory of 1176	4740	Unicorn-4484.exe	97
PID 1432 wrote to memory of 536	1432	Unicorn-29093.exe	99
PID 1432 wrote to memory of 536	1432	Unicorn-29093.exe	99
PID 1432 wrote to memory of 536	1432	Unicorn-29093.exe	99
PID 3256 wrote to memory of 432	3256	Unicorn-11235.exe	100
PID 3256 wrote to memory of 432	3256	Unicorn-11235.exe	100
PID 3256 wrote to memory of 432	3256	Unicorn-11235.exe	100
PID 2804 wrote to memory of 3960	2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe	101
PID 2804 wrote to memory of 3960	2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe	101
PID 2804 wrote to memory of 3960	2804	2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe	101
PID 4104 wrote to memory of 1564	4104	Unicorn-22962.exe	103
PID 4104 wrote to memory of 1564	4104	Unicorn-22962.exe	103
PID 4104 wrote to memory of 1564	4104	Unicorn-22962.exe	103
PID 3528 wrote to memory of 2652	3528	Unicorn-623.exe	104
PID 3528 wrote to memory of 2652	3528	Unicorn-623.exe	104
PID 3528 wrote to memory of 2652	3528	Unicorn-623.exe	104
PID 1544 wrote to memory of 3516	1544	Unicorn-24573.exe	105
PID 1544 wrote to memory of 3516	1544	Unicorn-24573.exe	105
PID 1544 wrote to memory of 3516	1544	Unicorn-24573.exe	105
PID 1176 wrote to memory of 4360	1176	Unicorn-59475.exe	106
PID 1176 wrote to memory of 4360	1176	Unicorn-59475.exe	106
PID 1176 wrote to memory of 4360	1176	Unicorn-59475.exe	106
PID 4740 wrote to memory of 4156	4740	Unicorn-4484.exe	107
PID 4740 wrote to memory of 4156	4740	Unicorn-4484.exe	107
PID 4740 wrote to memory of 4156	4740	Unicorn-4484.exe	107
PID 3660 wrote to memory of 2832	3660	Unicorn-16156.exe	108
PID 3660 wrote to memory of 2832	3660	Unicorn-16156.exe	108
PID 3660 wrote to memory of 2832	3660	Unicorn-16156.exe	108
PID 432 wrote to memory of 1268	432	Unicorn-57800.exe	109
PID 432 wrote to memory of 1268	432	Unicorn-57800.exe	109
PID 432 wrote to memory of 1268	432	Unicorn-57800.exe	109
PID 5036 wrote to memory of 4904	5036	Unicorn-58812.exe	110

C:\Users\Admin\AppData\Local\Temp\2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe
"C:\Users\Admin\AppData\Local\Temp\2ed8e09d14e46687e4c6a721c75e87b219642b37d59e73565c4ddcd394aab1b1N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24573.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        10⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38135.exe
        10⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26279.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        9⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11083.exe
        9⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        8⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        9⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        9⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15462.exe
        8⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        8⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40711.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        9⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        9⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        9⤵
        
        PID:17456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        8⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
        8⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26766.exe
        7⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        8⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        8⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        8⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
        7⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        9⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        9⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        9⤵
        
        PID:16792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1083.exe
        8⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11083.exe
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        8⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        8⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        8⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        8⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        7⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
        7⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        8⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        9⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        8⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        8⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
        7⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        8⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        7⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        7⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        7⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        6⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        7⤵
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
        6⤵
        
        PID:16556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        8⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        8⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        7⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
        7⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
        7⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23522.exe
        8⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        8⤵
        
        PID:416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
        7⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        7⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        6⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
        6⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32321.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
        8⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        8⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52012.exe
        7⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
        7⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        7⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
        7⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        8⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        7⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        6⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
        7⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        6⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        6⤵
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        6⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16521.exe
        6⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6083.exe
        5⤵
        
        PID:16572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47401.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        9⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        10⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        10⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        10⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        9⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        10⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        10⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        9⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5474.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
        9⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
        9⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30492.exe
        8⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        8⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        8⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1327.exe
        8⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4813.exe
        7⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        7⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-509.exe
        7⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        9⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        10⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        10⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        9⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
        8⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46386.exe
        8⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        7⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
        8⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        7⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5354.exe
        7⤵
        
        PID:16468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57327.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3740.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2978.exe
        8⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        7⤵
        
        PID:16392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
        6⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        8⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        8⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        7⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        7⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        7⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        7⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
        8⤵
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        7⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
        6⤵
        
        PID:15796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        5⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
        8⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        8⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        8⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
        8⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
        6⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        7⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        7⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
        6⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
        6⤵
        
        PID:16812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        5⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
        5⤵
        
        PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
        6⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59072.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        8⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        8⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        8⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        8⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6889.exe
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34639.exe
        7⤵
        
        PID:16424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65363.exe
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        6⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        5⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28157.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
        8⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22054.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
        7⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        6⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        6⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
        6⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46611.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        6⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        7⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        7⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        6⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        5⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
        5⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
        5⤵
        
        PID:7180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11459.exe
        5⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        8⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        8⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        7⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
        7⤵
        
        PID:16680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        6⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12647.exe
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
        6⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
        5⤵
        
        PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        7⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        7⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
        6⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        5⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10789.exe
        5⤵
        
        PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
      4⤵
      PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        5⤵
        
        PID:12988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        5⤵
        
        PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
      4⤵
      PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
      4⤵
      PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
      4⤵
      PID:16604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-68.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-68.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59129.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        8⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        8⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        8⤵
        
        PID:17660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        8⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        7⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
        7⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        8⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        8⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
        7⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        7⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
        7⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
        6⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
        7⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
        7⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63114.exe
        6⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        7⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        7⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        6⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52366.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        8⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35074.exe
        8⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        7⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        7⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        6⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        6⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15945.exe
        6⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62558.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        5⤵
        
        PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        7⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        6⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        6⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15195.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
        6⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        8⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
        8⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        7⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        6⤵
        
        PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13721.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45110.exe
        6⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61680.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
        5⤵
        
        PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57785.exe
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        6⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65416.exe
        5⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        5⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
        5⤵
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56978.exe
        5⤵
        
        PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26567.exe
      4⤵
      PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
      4⤵
      PID:15940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
      4⤵
      PID:4212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        8⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        8⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52318.exe
        8⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
        7⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe
        7⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        6⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        7⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        7⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10789.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
        5⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
        8⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        7⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        7⤵
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        6⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        6⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        6⤵
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        6⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23846.exe
        6⤵
        
        PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45271.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60799.exe
        5⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        5⤵
        
        PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        5⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        7⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        8⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        8⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        7⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        7⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25867.exe
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31782.exe
        6⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
        6⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        5⤵
        
        PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30134.exe
      4⤵
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        6⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe
        7⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
        6⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1083.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
        5⤵
        
        PID:15276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
        5⤵
        
        PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42500.exe
        5⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        5⤵
        
        PID:12008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
      4⤵
      PID:11712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
      4⤵
      PID:16764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
        5⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        8⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        8⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        7⤵
        
        PID:16992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        6⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        6⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        5⤵
        
        PID:384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
      4⤵
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        6⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        5⤵
        
        PID:16668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        5⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        5⤵
        
        PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17943.exe
      4⤵
      PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
      4⤵
      PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
      4⤵
      PID:6368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 636
        5⤵
        Program crash
        
        PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33067.exe
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        5⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3501.exe
        5⤵
        
        PID:15076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
      4⤵
      PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
      4⤵
      PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
    3⤵
    PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        5⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        6⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        5⤵
        
        PID:16968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
      4⤵
      PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
        5⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6678.exe
        5⤵
        
        PID:16648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
      4⤵
      PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe
      4⤵
      PID:17268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
    3⤵
    PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
      4⤵
      PID:8980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
      4⤵
      PID:12668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
      4⤵
      PID:408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
    3⤵
    PID:9676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
    3⤵
    PID:14400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7079.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        6⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25500.exe
        9⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65515.exe
        9⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        9⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        8⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38586.exe
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14975.exe
        8⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54216.exe
        8⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        7⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        7⤵
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        7⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
        8⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
        8⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        7⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        6⤵
        
        PID:13528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        6⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9522.exe
        5⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        7⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        7⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 652
        7⤵
        Program crash
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
        6⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        6⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13452
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 632
        5⤵
        Program crash
        
        PID:17872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 632
        5⤵
        Program crash
        
        PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55600.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26405.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        8⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        8⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        8⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        7⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
        7⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        6⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 636
        7⤵
        Program crash
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        5⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
        7⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
        8⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
        7⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 632
        7⤵
        Program crash
        
        PID:17908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 632
        7⤵
        Program crash
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16546.exe
        6⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        7⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8977.exe
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        6⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
        5⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
        5⤵
        
        PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        6⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        7⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        6⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        5⤵
        
        PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        5⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49386.exe
        6⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
        5⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61002.exe
        5⤵
        
        PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
      4⤵
      PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe
        5⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        5⤵
        
        PID:16444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33726.exe
      4⤵
      PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42950.exe
      4⤵
      PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        6⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
        7⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        8⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        7⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        7⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        7⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25859.exe
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        7⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        7⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
        6⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        7⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
        7⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        6⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
        7⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        7⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54363.exe
        6⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        6⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        6⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        6⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        5⤵
        
        PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        5⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
        5⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55660.exe
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        7⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
        7⤵
        
        PID:16840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5446.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        6⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25859.exe
        5⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        6⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        5⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        5⤵
        
        PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57785.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        6⤵
        
        PID:13064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        6⤵
        
        PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2322.exe
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        5⤵
        
        PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16246.exe
      4⤵
      PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        5⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        5⤵
        
        PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
      4⤵
      PID:10376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe
      4⤵
      PID:14544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51101.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        7⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        7⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        6⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        6⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
        5⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        6⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        5⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        5⤵
        
        PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        5⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
        5⤵
        
        PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
      4⤵
      PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
      4⤵
      PID:6716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        5⤵
        
        PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48618.exe
        5⤵
        
        PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
      4⤵
      PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
      4⤵
      PID:13536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
      4⤵
      PID:17652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
    3⤵
    PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
      4⤵
      PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
      4⤵
      PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
      4⤵
      PID:17708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
    3⤵
    PID:8000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3192.exe
    3⤵
    PID:11268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
    3⤵
    PID:16400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
        8⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        8⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        7⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
        7⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65053.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        7⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        7⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        6⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        6⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        6⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        7⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
        6⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        5⤵
        
        PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
      4⤵
      Executes dropped EXE
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        7⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        6⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
        6⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        6⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        6⤵
        
        PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        5⤵
        
        PID:16348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56615.exe
        5⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
        5⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
      4⤵
      PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27550.exe
      4⤵
      PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
      4⤵
      PID:14596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
        6⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        8⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60155.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        7⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        7⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
        5⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        6⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        5⤵
        
        PID:16508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64972.exe
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        6⤵
        
        PID:14020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        6⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        5⤵
        
        PID:11236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        5⤵
        
        PID:15364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
      4⤵
      PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
      4⤵
      PID:12900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
      4⤵
      PID:5896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47321.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
        6⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        6⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        5⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        5⤵
        
        PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
        5⤵
        
        PID:11908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
      4⤵
      PID:11648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
    3⤵
    PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
      4⤵
      PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
      4⤵
      PID:12188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
      4⤵
      PID:12920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
    3⤵
    PID:9240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
    3⤵
    PID:11900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
    3⤵
    PID:1484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11863.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11863.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8060.exe
        5⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
        6⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        7⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4586.exe
        6⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36959.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        7⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 740
        7⤵
        Program crash
        
        PID:17900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 740
        7⤵
        Program crash
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        6⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        5⤵
        
        PID:13520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        5⤵
        
        PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        7⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        5⤵
        
        PID:12692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
      4⤵
      PID:11088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25955.exe
      4⤵
      PID:15420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
      4⤵
      PID:17440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58947.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
      4⤵
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        5⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        5⤵
        
        PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55556.exe
      4⤵
      PID:13184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
      4⤵
      PID:17300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
    3⤵
    PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
      4⤵
      PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        5⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        5⤵
        
        PID:17336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
      4⤵
      PID:16156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
      4⤵
      PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
      4⤵
      PID:1412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
    3⤵
    PID:11784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
      4⤵
      PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4116.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        6⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        5⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38135.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21426.exe
        5⤵
        
        PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56615.exe
        5⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4813.exe
      4⤵
      PID:8304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
      4⤵
      PID:14656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
    3⤵
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        5⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        6⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        5⤵
        
        PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38311.exe
      4⤵
      PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
      4⤵
      PID:14588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
      4⤵
      PID:1152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
    3⤵
    PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
      4⤵
      PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
      4⤵
      PID:13080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
      4⤵
      PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
    3⤵
    PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
      4⤵
      PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
      4⤵
      PID:16744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
    3⤵
    PID:16208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63644.exe
    3⤵
    PID:16596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33803.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33803.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
      4⤵
      PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25469.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        6⤵
        
        PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        5⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        5⤵
        
        PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
      4⤵
      PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
      4⤵
      PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
      4⤵
      PID:3892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
    3⤵
    PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
      4⤵
      PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
      4⤵
      PID:7100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
    3⤵
    PID:7044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42613.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42613.exe
  2⤵
  PID:5140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
    3⤵
    PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
      4⤵
      PID:9136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
      4⤵
      PID:9860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
      4⤵
      PID:4300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
    3⤵
    PID:10896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54363.exe
    3⤵
    PID:13176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
    3⤵
    PID:3316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28046.exe
  2⤵
  PID:6760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
    3⤵
    PID:8756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
    3⤵
    PID:13072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:10724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48367.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48367.exe
  2⤵
  PID:14768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
  2⤵
  PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3048 -ip 3048
1⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 7880 -ip 7880
1⤵
PID:9968

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 536 -ip 536
1⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 6056 -ip 6056
1⤵
PID:17312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6624 -ip 6624
1⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5652 -ip 5652
1⤵
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe

Filesize
468KB

MD5
3ec15646b4fe49dd5254c862553be62e

SHA1
336877e27fc0d5b449122c9db84cc1fe3058502f

SHA256
794072eccd451d6e7db20ef6c0e820cc80a365e5c45733e23364a58cdeeb589f

SHA512
db48b9a35f9ac9eae26f6f41fb383f5baf2d298c934446c910538e7425eaa609a499f5fc68799d564768afdec99ac5779ecfa123bf4e0de0e972f3f4a0664972

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe

Filesize
468KB

MD5
e160f7e8655b31cff307029cefe074d7

SHA1
e33292ff0c9862725165a19e0fdd61652c065437

SHA256
80edd67cc07134f92f06b1fb254d99167200bd3dc1a8a40c740dec72ea930c6c

SHA512
06b3c69d54b6bb0aa6d1ccdc61e72788267d445a4b1d853d527048b9bca7e24a75bf2395c657eb35cff8a320f3659a4d7c042d395fc9d41afa38cb4b1fa25fb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11863.exe

Filesize
468KB

MD5
0f182a7a4b741afb137168c682ffed85

SHA1
3dd17bebb98db4f8bd711cae0dc5a8484719c49c

SHA256
27a3439b36672f5bb630f8dea81d17d29f4ae627699da82e9979ddbb1d5f8bd1

SHA512
1c0b9dd5385845a18d341eae76a45d7126ee0c08c349b44f841f9c20c2252e45f19563241812510b452304814cecbbe9d6559c42a6e7e5db52abc481607762fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe

Filesize
468KB

MD5
ba8515496e12aa962be22a97ac8e7986

SHA1
7d3b4caa4462d636de2f04503ffcf4f09a55dfba

SHA256
0a8e65fcbc41ff6e0d884a6332aade5f01317455355232b05ecee423aab26aad

SHA512
1709ab837c383aebe6c0f04c4d33e9f4bcfb74e7ab054b59f99c5625870a527c20107da7e12bf7d02575f558638e1e7a5ff7011c44bf24726b60e4af30f8de22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe

Filesize
468KB

MD5
c77121d635715f2d651c64b476a4a3b5

SHA1
ccf522e9deafd3f75af7c26ef3a2a8019a0310c2

SHA256
eb7d43bb3e7829a2999413f1927b04ddd04040b12c943b268ba00c614c59b3b2

SHA512
82b8ed9d6f5fbb5c7a0845e57e384b0c3a81eb418cd189d079069c6cea770b039343678bf3a50b59f0b648908a778ae485f62272fbcfdc9bef76227dc67de399

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16156.exe

Filesize
468KB

MD5
cd4b9d9185ac7b81652b374fc707970a

SHA1
96e4430e5117386d64b1bcf0751ec089262c9794

SHA256
bf3d4263e2622fead5e59bd2070a586a11c4a89d0d2079f9ef45ee3a730679dc

SHA512
13abdcdf7844d50c33d0df8cd641cc8344325478fe8b78a6dfbceba3f55be43b151375c4fb3eea8a78be6a1e7140e6f14683dabcb33026c727d548dd6c2fa088

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe

Filesize
468KB

MD5
172f1c10617e9c17ca352a47f6976dea

SHA1
39f1aa1c5b495674c1380ae42b57a507102d56be

SHA256
4add576676334bc30cacccc44042871913b5cffc8cf2ccae81f7582bcb03d1ed

SHA512
322b313fef54bf7eddfdc271e1ce96dd99eba10845270621217cb0964102a8bd78305e189978cb080a51f3e95ee7bd3fb6560fc9e1617e8c43de2fb43d96831a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe

Filesize
468KB

MD5
43e4d7d4d6c8ca9fa15b16226cd914df

SHA1
4d982a98742d06331982fbca5dcf46c9a97643c0

SHA256
e342f6a54a6345345edfbc2a92ade196cfab5adcfdefd1e6c9f2892ec4555d54

SHA512
4e937ad2d761465334f2fa0efcd7aaf4968f625e1756bb2180dd353b9bd854df216862722dd0edd89724fc3fb1e59b7d904269fbb7ee9031dac09d09f8504cf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe

Filesize
468KB

MD5
126313d6b7d7a491e52b3a7d1b44881c

SHA1
ba5f407eab5ae1b073cf61f7ceaba522576f28ba

SHA256
18d9e0cedff7f0a3216ed5fe735537ff503ffea53891f8e3f5c02a67f787651c

SHA512
35db6f1464e7660612d1999b5ece81bc8b71893ccf627fd445101a20a5e089dc6ffe895f83915b68610a8674d8d2dd75729fc63a33e99b2386549aa13cc2743f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24573.exe

Filesize
468KB

MD5
81242b6ee64e8cf467276f6c33a8cc28

SHA1
eb1a4763134396516056c009df878914949b9068

SHA256
70dd66236c9671a7def8508a52554be7668e2a2773df928bf42d7072c25ae9d1

SHA512
57b69e7b6c8cf376cec48f905cd6fc4825cf40646e5a02da6f9930f23a5a739e5b73fff434f374f4ba806de6ab2ba366db0442cfcb059dc7b5dd77eb204926a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe

Filesize
468KB

MD5
f3e8a1a69e173a286a6f671683aa698a

SHA1
4cb2b26141b6ce78ccf1c22ac2736138e5a721d0

SHA256
f1f96f0d8bbddfa0abf4eccebb9394d92a0c06904de34f37b93c8b56336eb439

SHA512
5b6f97cfb79f7125593e2954fcd7b1a7339383c0891933c229f2d821ad97e0f984a65ce96585b4dd11a2b8fe0dd1e9732a99abee4404a60f1fd3923187510805

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe

Filesize
468KB

MD5
c03e7678bf55770c098f5680d9b34fd8

SHA1
325535da62d7ce0fa49aeaa9c01a28a92726da3b

SHA256
331c0f2478553688d7311ca48344b9c0e663d50ef97a879b5864d1df0dd03bd5

SHA512
2445c055d0d9d4233cbd9ff2be88b09b6a38d61b2370f229953f58a19499260769a573e88cc471c372e57d6c2347f40573444a57f252ba4f7d5df50cc2a3de4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe

Filesize
468KB

MD5
dd55ee543bc430de59fbfd088f17fe05

SHA1
4aa01767b51a795b857ea72a9547ffe6e266cace

SHA256
a161beff8425f8f05145d973112d07ae453d3dcbc501655ede727a3f916a9cd5

SHA512
724b576a53ac077faf21bb556f061c366f74de54ee7aac8b85c643995f51bde4877b807aa49b8dac3bcebc9d8d701ce6bdea43c7e0cae2eb4fce744af3e372b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe

Filesize
468KB

MD5
134aa7a8098ebda20fe1a03f7860810a

SHA1
d2c0ae07333705a6467a5520e9ba899daaa32701

SHA256
3097e32be02fc7c10a5c5fa7fc45cafcd11ebf6179be930795ee809026bf1625

SHA512
729e5170018fd0e7a1135a3b7790b24fd525ebc33bd66328ad78882251236bb769ab7bc57212311fdb10601bcf9589f7601f7116b37fab30b27e5c9e7fef9a9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe

Filesize
468KB

MD5
396bab3b93e3744c9eb1546d34488d41

SHA1
4ec5c388e21696947c6351e5699e93adce00d1c4

SHA256
b3580446877f428fabc58762292367274cdc3bcee73c5daca4a2e8a5c5244090

SHA512
1e4cf0c6e249eea9b5bd93d0123ea0da40d8676f6d7a03b8a4f105151706acfa0d03260e2f727f4e7e0a16667df9e4b0f4ef9ba109985af736e2cf71763e61e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe

Filesize
468KB

MD5
5fd59ea09691b1b7838af79c3777cf25

SHA1
25a029e0fa104bbb69d2746f483908d47f7e7b34

SHA256
15eb89f0b646ed5f2020b558dcb228b5a58b74fcc4659802d2b60aa220d762fd

SHA512
d6321e26f35e26aabfc826782913f16b68349c1090956cf470a495e396f0733db805571a7110770ebf798ac12fc62d39e8afa35c3f6fbfb827adfac166115c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe

Filesize
468KB

MD5
a211e5a1618f37efd357c01a65d3495a

SHA1
59531101eff5f58316b8d88ded75119473f0715d

SHA256
918904df5f4ee81a87b86434172e112e82d439e27454ccc9db450e4fff48598a

SHA512
f3904a8df523fe5a4540815b636b80eec9c6290c008414f55413a57db931e699d0d5d884c1f6bd8d4c816c1b9cad56cc482e451b3aee01b4938472fb1a74b501

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe

Filesize
468KB

MD5
6abe521e120743f3782489c38455262b

SHA1
2d971d6e00c15298b9b9e4fd6f662cd86e010e4c

SHA256
13b37beaebcfc611db925e4683e0d4cd0cdd955a57b18366db339d0a34b3b1ce

SHA512
90047ae76c44c4597bb71d7b184af125b54def24b4ca96fe97e7a4eed84993b8d5f61c86c4bbb3de2fa029574f41c3b0e5100cd8b1c7ce9c6dde93bdf2b530d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe

Filesize
468KB

MD5
0e4744597214b90bab81f6c8641f5d60

SHA1
bea08b75b1b6f5dfcc27d35a5a9afcf3505b4d3f

SHA256
0a61ad9d14e5c0cedc8deed293374adca2fd7b679b42bf77da1c31074c9d8cd5

SHA512
b1d5356485b05cdd0231345ffcea8dae71d691d8a3c313d58eccbc71b64c7a2ab1f94b908e6cb02f3701a873104663843cbcc8c86e47b42574bd5e4b808489e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55600.exe

Filesize
468KB

MD5
215e12bcc6ee8edb66d110a65e90c800

SHA1
90269b80d33fb8062fac494ba616f6064e5b5f60

SHA256
14c7a7ee4ab968048a00418cba75d8631e7536c280e2b150635e199ae3bed77f

SHA512
f9b923d0b5686946c6cef3f4e876d52793932825cb010fcdf8eee15306605c809340cc36c664afdf8eceae2f1858ea293e41a15104b657c3a78ded50ebff7524

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe

Filesize
468KB

MD5
ad380925a5cc8b4d52a8705155c1e00b

SHA1
d22106ef986c7a644edbdcfa5d458ee1623aa242

SHA256
984717b48e3b633a38dac7397bb3605ae55d2d120637858b6335d08d2c4cb856

SHA512
56db07077c5efa955c6f01a9beef007cb1e9c48e44dad1720d9c4b189ad64e54b2d1a898a2a1a5a1ed582cb1bc816b864b9c604da49daaf6660e0031acb1ccda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe

Filesize
468KB

MD5
15f38820ae5dc839b47aa88c059cde64

SHA1
7ed53af8b0f211c9998aa44e876dd8380365bfab

SHA256
7173ea99a5d8f9b106363c882fdd7f1ada75657424942b34f3c67692d9be5c54

SHA512
c60c11900545ca2e1e50c8fcdb8338682fa82753883cb5e9592e1c0509144b966aa07ffdf7193465839eae5ed7449eaee474a041b876a3bdf709624f076ded6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe

Filesize
468KB

MD5
f7e8e2e8283c2fa95b1c96ed205700c8

SHA1
5fff858251c6630b89ffbd7e26027dcdd06fe3d4

SHA256
115382d3a3aa3279e3255325d4a1ab8d59200cf282f99819a5abb70b7b1c89ad

SHA512
d07e6b6044d425ca5ee022cc50aaaed7e2139ce5dfdb279a82039c0ba38bfb204e29715122b4423ef6759f09e75bdb83b946b2d4346b9127deb54c1cc5ddd0ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59129.exe

Filesize
468KB

MD5
71c89636c58c242c84a4f6f99e700e74

SHA1
29c62a2126eab89399713c55e812626fd9d33bfd

SHA256
87e69e117b7094c7a803581f67e616f5f8fbb9e2e8097e00e924bd3309e52a64

SHA512
e7d1d2a3277ad7dbf02f8bcd0ce56f9a188d8c8312a15a550abd31f3972f1476ead0842eddc284f1282642d108be3b7366e27e36a877a1a64d960abe2c519311

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe

Filesize
468KB

MD5
54701ac57908df868ae21a8ce6e38f3e

SHA1
303023da25442545b0fc7d0c36ed7852495081cb

SHA256
3036342ff7e1cb988765106aa8d8cb5ede4a4be9e12e559024d3180df8048e0b

SHA512
afd779514ca4957fda8eb59c01a70a10d62057891939b3b67096f3c359a186598e71cd9e672db613324399cab121d5a67967e9e028ca7ffe1a8dd2a6f2175dd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe

Filesize
468KB

MD5
9bdbe3b7a0c5f06f1c05b94fdc21c8fb

SHA1
078f1a3bf00533f6ea1b34dac908488ac815543c

SHA256
189867fa7803c2f17da7598ebd48d5290701a6dbf4a754648bb3dcb4f64dbce4

SHA512
3b403e54e9d0701bf024338b9092af06ccbc8254042e828e333a322f58830a75cee85b000ed41260014f6d44dab84b6f6322cb20ee201f7e3ddafb484d9ea365

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe

Filesize
468KB

MD5
f900026e49bc409b29dbc9305e1c0bb0

SHA1
b5c2917393c43744e78ff2c91a2de95e899eedbd

SHA256
3ea5820d1c7c0ff9f9daa545cbbed53b6c8770e4351160c7c336424fffd02669

SHA512
a32626df070a41e8b37ab2a4b8a843c07f654c2f99265dde7aaafd4093202ae49a99de9139b39baa64e092637048c749235f14943098485b29e7ded7c5dd2713

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe

Filesize
468KB

MD5
db790061c4a08181f9651cb51c209e9e

SHA1
3ada0aafd3bf4ae248166ea4776bfbbbe5c87261

SHA256
fd7942ab4821132c0206fe404cc8c0da31a4afe9dc608a2d8e505e0905f5f54c

SHA512
0445d466d4b0272223b96d7a83131437904cdaeafa9625587a5ea940c4ebec6d1e924959464a735ec93a0cf5d574117772bfdffcf5fdb02a17893ea7b4b583d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe

Filesize
468KB

MD5
c21e76a58fc6e764ccd533e996930454

SHA1
c839ae74fd48f753016522b7f12a2d0d98465688

SHA256
ad80ecb035c9ad690dd9f8f614c7db40bcb80559f5aa97453f87ecd67fb7c6d2

SHA512
a19ec51e95d58a97d549e77778cacf17a5380c043526e55a44470db395bbf44c32830c4205ad5cc6d031f9a55b5f5086b073c9d6e974c089eb32082ee6b4a032

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-68.exe

Filesize
468KB

MD5
123826f160f5d4cd2e1e9411910e6712

SHA1
cea25c5ab13be76066fdbf5762e28474cba69e59

SHA256
8fa00fc1b946b21c51f2ddcab18310cf27658061fba271b0966f84a25aabf0e5

SHA512
36c802c546cd3c77187fde6133a22df5af4fed21ea45a8007ab53d8c76210644086e3189890f3426a4e8e1dc8f08254e63fa2703c9b750e699b112b5ba27b331

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8060.exe

Filesize
468KB

MD5
37da41c44a99b35ae9a9df7b29df8757

SHA1
ddc3e21ae7df2bc23d2ac8e6ccecd48212691a59

SHA256
5fb1297f9bdef1abbee1ee2e71926f4ef52c74c1e0fb5663121a75b7d4a31f53

SHA512
cec8f1c8caca2e2f974cc1fcdacbd6bad1974eeb3cbadadb2786d887ba1d43c961a5228ed22c519452a084debc28d0c51fa1e440e50999729e565f3a5142add7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe

Filesize
468KB

MD5
1ec10d28bf65f0c49124e18656eb3ffb

SHA1
75100aa7b9453cd5ef80e7d04228c87526959ce8

SHA256
1f46167e196ca3fe6817527a216aeb450ee65e85f9ef14c51d4c5805daff1347

SHA512
ac1a96e6093d92dbb78d99c632866b234896f97837946829949346e4505369f0292dfe765127ce81c8100c4b4d7a41fb27d88ea5269a22d45c5411458ce2ece0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe

Filesize
468KB

MD5
ef4713bb81417a8a5c4640e94631330f

SHA1
0b74ef6ea541211f031c76f89b8adc14b3b52575

SHA256
1c41ed67708417f17f5e05e8e8c847d28583a3e643b30fb5a1733fcc484a1e4e

SHA512
40d1da0220c9768c724de198092a3fdd750a5b19851d31a2c911de7361f2c403ba5bf815befcd7803929316b0252ede3b42f5ae9264bbce8b9122fffdab2dbc6

Download Submit
memory/432-101-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/536-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/628-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/820-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/864-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1040-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1176-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1268-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1288-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1304-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1336-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1340-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1432-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1476-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1544-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1564-107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1580-505-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1596-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1636-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1684-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1892-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2040-507-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2108-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2136-465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2240-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2340-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2348-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2552-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2652-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2672-481-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2804-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2820-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2832-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2940-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2956-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3016-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3048-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3084-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3092-449-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3104-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3124-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3144-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3192-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3208-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3224-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3256-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3508-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3516-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3524-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3528-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3548-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3568-498-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3636-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3660-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3664-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3668-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3708-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3748-206-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3836-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3844-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3960-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4104-46-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4120-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4156-159-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4268-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4320-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4360-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4368-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4372-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4404-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4456-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4476-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4508-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4532-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4596-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4612-268-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4616-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4640-480-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4740-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4904-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4940-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4960-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4984-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5028-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5036-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5072-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5076-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5124-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5140-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5232-572-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5312-573-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5324-574-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16188-2368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads