28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 19:55 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe
Size

468KB
MD5

4deaf6594e3cd1d4c51c3276393b3ad9
SHA1

6441706d938476d274f6e3243a59913854c2e978
SHA256

28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd
SHA512

5eaad6b775565e64f78d8046642d6f209a80f5496740fa1bf1ae4a96c57a9ed554864d4cbf64cd40b5c2d63d1ad44b40688d5d39d25a8ae139dba212da44f30d
SSDEEP

3072:BqobogCdj0bU2bYBPz59ff8/5CK3XXpInmHevV+CckR3x6HWezlL:BqIohqU2iP19ffA5SDckpcHWe

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1176	Unicorn-25219.exe
3924	Unicorn-11980.exe
116	Unicorn-16619.exe
4928	Unicorn-10994.exe
3204	Unicorn-41721.exe
3940	Unicorn-21855.exe
3264	Unicorn-25284.exe
4532	Unicorn-16807.exe
2636	Unicorn-54310.exe
4260	Unicorn-33143.exe
1548	Unicorn-9193.exe
3208	Unicorn-53655.exe
1848	Unicorn-53563.exe
3000	Unicorn-24975.exe
4608	Unicorn-22572.exe
3944	Unicorn-17923.exe
2812	Unicorn-45120.exe
1336	Unicorn-64985.exe
4336	Unicorn-28037.exe
4436	Unicorn-17822.exe
832	Unicorn-4087.exe
2088	Unicorn-32121.exe
4912	Unicorn-25899.exe
4604	Unicorn-34072.exe
2076	Unicorn-43003.exe
2204	Unicorn-28704.exe
2644	Unicorn-4108.exe
1064	Unicorn-49780.exe
3108	Unicorn-55255.exe
2484	Unicorn-31305.exe
4104	Unicorn-46822.exe
712	Unicorn-35411.exe
768	Unicorn-11461.exe
3020	Unicorn-23543.exe
664	Unicorn-65130.exe
2192	Unicorn-43963.exe
1904	Unicorn-23351.exe
1300	Unicorn-15182.exe
3744	Unicorn-7682.exe
2428	Unicorn-59484.exe
2208	Unicorn-9728.exe
316	Unicorn-47232.exe
4688	Unicorn-1560.exe
1672	Unicorn-7590.exe
4680	Unicorn-13050.exe
1144	Unicorn-11766.exe
4224	Unicorn-42401.exe
4000	Unicorn-3241.exe
4812	Unicorn-64959.exe
1684	Unicorn-64959.exe
1400	Unicorn-8767.exe
3528	Unicorn-9628.exe
1004	Unicorn-15759.exe
4420	Unicorn-24481.exe
3700	Unicorn-47040.exe
1224	Unicorn-15493.exe
4084	Unicorn-44347.exe
2080	Unicorn-12229.exe
4376	Unicorn-25964.exe
3272	Unicorn-40263.exe
396	Unicorn-7782.exe
2800	Unicorn-46677.exe
1044	Unicorn-1652.exe
1416	Unicorn-49370.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
8656	6124	WerFault.exe	249
14236	15220	WerFault.exe	715
16072	9148	WerFault.exe	473
15980	13720	WerFault.exe	668
20244	14104	Process not Found	907
6752	224	Process not Found	958
20196	3404	Process not Found	939
20608	3156	Process not Found	963

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60028.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
14764	svchost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14236	dwm.exe
Token: SeChangeNotifyPrivilege	14236	dwm.exe
Token: 33	14236	dwm.exe
Token: SeIncBasePriorityPrivilege	14236	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe
1176	Unicorn-25219.exe
3924	Unicorn-11980.exe
116	Unicorn-16619.exe
4928	Unicorn-10994.exe
3204	Unicorn-41721.exe
3940	Unicorn-21855.exe
3264	Unicorn-25284.exe
4532	Unicorn-16807.exe
2636	Unicorn-54310.exe
4260	Unicorn-33143.exe
1548	Unicorn-9193.exe
1848	Unicorn-53563.exe
4608	Unicorn-22572.exe
3000	Unicorn-24975.exe
3208	Unicorn-53655.exe
3944	Unicorn-17923.exe
2812	Unicorn-45120.exe
4436	Unicorn-17822.exe
4336	Unicorn-28037.exe
1336	Unicorn-64985.exe
832	Unicorn-4087.exe
4912	Unicorn-25899.exe
2088	Unicorn-32121.exe
4604	Unicorn-34072.exe
4104	Unicorn-46822.exe
2484	Unicorn-31305.exe
1064	Unicorn-49780.exe
2204	Unicorn-28704.exe
2644	Unicorn-4108.exe
2076	Unicorn-43003.exe
3108	Unicorn-55255.exe
712	Unicorn-35411.exe
768	Unicorn-11461.exe
3020	Unicorn-23543.exe
664	Unicorn-65130.exe
2192	Unicorn-43963.exe
1904	Unicorn-23351.exe
1300	Unicorn-15182.exe
2428	Unicorn-59484.exe
3744	Unicorn-7682.exe
4688	Unicorn-1560.exe
2208	Unicorn-9728.exe
316	Unicorn-47232.exe
1672	Unicorn-7590.exe
4680	Unicorn-13050.exe
1144	Unicorn-11766.exe
4224	Unicorn-42401.exe
3272	Unicorn-40263.exe
4376	Unicorn-25964.exe
3700	Unicorn-47040.exe
2080	Unicorn-12229.exe
1224	Unicorn-15493.exe
4084	Unicorn-44347.exe
4000	Unicorn-3241.exe
3528	Unicorn-9628.exe
1684	Unicorn-64959.exe
1004	Unicorn-15759.exe
4420	Unicorn-24481.exe
1400	Unicorn-8767.exe
4812	Unicorn-64959.exe
2800	Unicorn-46677.exe
1044	Unicorn-1652.exe
1416	Unicorn-49370.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 1176	2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe	82
PID 2436 wrote to memory of 1176	2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe	82
PID 2436 wrote to memory of 1176	2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe	82
PID 1176 wrote to memory of 3924	1176	Unicorn-25219.exe	83
PID 1176 wrote to memory of 3924	1176	Unicorn-25219.exe	83
PID 1176 wrote to memory of 3924	1176	Unicorn-25219.exe	83
PID 2436 wrote to memory of 116	2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe	84
PID 2436 wrote to memory of 116	2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe	84
PID 2436 wrote to memory of 116	2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe	84
PID 3924 wrote to memory of 4928	3924	Unicorn-11980.exe	85
PID 3924 wrote to memory of 4928	3924	Unicorn-11980.exe	85
PID 3924 wrote to memory of 4928	3924	Unicorn-11980.exe	85
PID 116 wrote to memory of 3204	116	Unicorn-16619.exe	87
PID 116 wrote to memory of 3204	116	Unicorn-16619.exe	87
PID 116 wrote to memory of 3204	116	Unicorn-16619.exe	87
PID 1176 wrote to memory of 3940	1176	Unicorn-25219.exe	86
PID 1176 wrote to memory of 3940	1176	Unicorn-25219.exe	86
PID 1176 wrote to memory of 3940	1176	Unicorn-25219.exe	86
PID 2436 wrote to memory of 3264	2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe	88
PID 2436 wrote to memory of 3264	2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe	88
PID 2436 wrote to memory of 3264	2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe	88
PID 4928 wrote to memory of 4532	4928	Unicorn-10994.exe	89
PID 4928 wrote to memory of 4532	4928	Unicorn-10994.exe	89
PID 4928 wrote to memory of 4532	4928	Unicorn-10994.exe	89
PID 3924 wrote to memory of 2636	3924	Unicorn-11980.exe	90
PID 3924 wrote to memory of 2636	3924	Unicorn-11980.exe	90
PID 3924 wrote to memory of 2636	3924	Unicorn-11980.exe	90
PID 3204 wrote to memory of 4260	3204	Unicorn-41721.exe	91
PID 3204 wrote to memory of 4260	3204	Unicorn-41721.exe	91
PID 3204 wrote to memory of 4260	3204	Unicorn-41721.exe	91
PID 116 wrote to memory of 1548	116	Unicorn-16619.exe	92
PID 116 wrote to memory of 1548	116	Unicorn-16619.exe	92
PID 116 wrote to memory of 1548	116	Unicorn-16619.exe	92
PID 1176 wrote to memory of 3208	1176	Unicorn-25219.exe	94
PID 1176 wrote to memory of 3208	1176	Unicorn-25219.exe	94
PID 1176 wrote to memory of 3208	1176	Unicorn-25219.exe	94
PID 3264 wrote to memory of 1848	3264	Unicorn-25284.exe	95
PID 3264 wrote to memory of 1848	3264	Unicorn-25284.exe	95
PID 3264 wrote to memory of 1848	3264	Unicorn-25284.exe	95
PID 3940 wrote to memory of 3000	3940	Unicorn-21855.exe	93
PID 3940 wrote to memory of 3000	3940	Unicorn-21855.exe	93
PID 3940 wrote to memory of 3000	3940	Unicorn-21855.exe	93
PID 2436 wrote to memory of 4608	2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe	96
PID 2436 wrote to memory of 4608	2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe	96
PID 2436 wrote to memory of 4608	2436	28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe	96
PID 4532 wrote to memory of 3944	4532	Unicorn-16807.exe	97
PID 4532 wrote to memory of 3944	4532	Unicorn-16807.exe	97
PID 4532 wrote to memory of 3944	4532	Unicorn-16807.exe	97
PID 4928 wrote to memory of 2812	4928	Unicorn-10994.exe	98
PID 4928 wrote to memory of 2812	4928	Unicorn-10994.exe	98
PID 4928 wrote to memory of 2812	4928	Unicorn-10994.exe	98
PID 2636 wrote to memory of 1336	2636	Unicorn-54310.exe	99
PID 2636 wrote to memory of 1336	2636	Unicorn-54310.exe	99
PID 2636 wrote to memory of 1336	2636	Unicorn-54310.exe	99
PID 4260 wrote to memory of 4336	4260	Unicorn-33143.exe	100
PID 4260 wrote to memory of 4336	4260	Unicorn-33143.exe	100
PID 4260 wrote to memory of 4336	4260	Unicorn-33143.exe	100
PID 3924 wrote to memory of 4436	3924	Unicorn-11980.exe	101
PID 3924 wrote to memory of 4436	3924	Unicorn-11980.exe	101
PID 3924 wrote to memory of 4436	3924	Unicorn-11980.exe	101
PID 3204 wrote to memory of 832	3204	Unicorn-41721.exe	102
PID 3204 wrote to memory of 832	3204	Unicorn-41721.exe	102
PID 3204 wrote to memory of 832	3204	Unicorn-41721.exe	102
PID 1548 wrote to memory of 2088	1548	Unicorn-9193.exe	103

C:\Users\Admin\AppData\Local\Temp\28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe
"C:\Users\Admin\AppData\Local\Temp\28e13b5367c470ba207e2651a96d1ebab2e1584bf5001a9a8cf14ab31e3a04fd.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17923.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        8⤵
        Executes dropped EXE
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        9⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        10⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
        11⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        11⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        11⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
        10⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
        10⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        9⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        10⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34508.exe
        9⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
        9⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        10⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16901.exe
        11⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        11⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        10⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        10⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
        9⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        9⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
        9⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        9⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        9⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        9⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29490.exe
        8⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        8⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        8⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        9⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        10⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
        11⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        11⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19684.exe
        11⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
        10⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        9⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        9⤵
        
        PID:15192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
        8⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        8⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        8⤵
        
        PID:18772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        8⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        9⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
        10⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
        9⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        9⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        8⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        8⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        8⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
        8⤵
        
        PID:18552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
        7⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        9⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62489.exe
        10⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        10⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        10⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        9⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        9⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        9⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe
        8⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
        9⤵
        
        PID:17736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        8⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        8⤵
        
        PID:17932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        8⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        8⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        8⤵
        
        PID:16512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48323.exe
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
        7⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
        7⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27985.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
        8⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        8⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        8⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        7⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        7⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        8⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        9⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        8⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        8⤵
        
        PID:18096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        7⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        7⤵
        
        PID:13956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
        6⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        9⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
        10⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
        9⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        9⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        9⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        8⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4932.exe
        8⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        8⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        8⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
        7⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        7⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        8⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        8⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        7⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        7⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        8⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47798.exe
        7⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        6⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57480.exe
        7⤵
        
        PID:17820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        6⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        6⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        7⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        7⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        5⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        6⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        7⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        7⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
        7⤵
        
        PID:16732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        6⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60280.exe
        7⤵
        
        PID:18084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27194.exe
        6⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14907.exe
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        6⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8884.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
        5⤵
        
        PID:18140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        10⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        10⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        10⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
        9⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        9⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        9⤵
        
        PID:18780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        9⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
        9⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        8⤵
        
        PID:13720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13720 -s 436
        9⤵
        Program crash
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        8⤵
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        8⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        9⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        8⤵
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        8⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
        7⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60334.exe
        7⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        6⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        8⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        9⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        8⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        8⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55583.exe
        7⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        7⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55109.exe
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        7⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        6⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        8⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        8⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        8⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
        7⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        7⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60334.exe
        6⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        6⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13739.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
        8⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14134.exe
        9⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        8⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        7⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        7⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        8⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        8⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
        8⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
        7⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        6⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        7⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58715.exe
        6⤵
        
        PID:14764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7854.exe
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
        5⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
        6⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17809.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27487.exe
        8⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
        8⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        8⤵
        
        PID:184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
        7⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29821.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        6⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
        6⤵
        
        PID:15548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48524.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        7⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        7⤵
        
        PID:18064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        6⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
        6⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
        6⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
        5⤵
        
        PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
        5⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1726.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26745.exe
        7⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        8⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        8⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
        7⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
        7⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18386.exe
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        6⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        6⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        6⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        7⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        7⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        6⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13433.exe
        5⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31609.exe
        6⤵
        
        PID:14004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
        6⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        5⤵
        
        PID:13724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
        6⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57720.exe
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
        7⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62351.exe
        7⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
        6⤵
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
        5⤵
        
        PID:18156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
      4⤵
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        6⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        5⤵
        
        PID:15248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        5⤵
        
        PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
      4⤵
      PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11022.exe
      4⤵
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47802.exe
      4⤵
      PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
      4⤵
      PID:15368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21855.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        8⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        9⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        9⤵
        
        PID:16780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        8⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55695.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        6⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        8⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        8⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        7⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        7⤵
        
        PID:18532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
        6⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        7⤵
        
        PID:15220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15220 -s 72
        8⤵
        Program crash
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        7⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        7⤵
        
        PID:15888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8738.exe
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        6⤵
        
        PID:16388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        5⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        8⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23072.exe
        8⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        7⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        7⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
        6⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        6⤵
        
        PID:17360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        6⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        6⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        6⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        6⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        5⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        6⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
        8⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        8⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
        7⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        7⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        6⤵
        
        PID:18108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        7⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        6⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        6⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
        5⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
        5⤵
        
        PID:13592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        5⤵
        
        PID:16476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        5⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        7⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
        5⤵
        
        PID:18036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36283.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        6⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        6⤵
        
        PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        5⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        5⤵
        
        PID:15268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
        5⤵
        
        PID:18224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
      4⤵
      PID:11008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23640.exe
      4⤵
      PID:14608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
      4⤵
      PID:16576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        6⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        8⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49334.exe
        8⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        8⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53799.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
        7⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        7⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        6⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
        7⤵
        
        PID:17704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
        6⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24455.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27487.exe
        7⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
        8⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
        7⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        7⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        7⤵
        
        PID:17720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        6⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        6⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        5⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        5⤵
        
        PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        5⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18769.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        7⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        7⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        7⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
        6⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        6⤵
        
        PID:17828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
        6⤵
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        6⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        5⤵
        
        PID:17964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
      4⤵
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33045.exe
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
        6⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        6⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
        5⤵
        
        PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
      4⤵
      PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
      4⤵
      PID:13564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1560.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        5⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22531.exe
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        8⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        9⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        8⤵
        
        PID:17352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19907.exe
        7⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        6⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4932.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        6⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        5⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
        5⤵
        
        PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
      4⤵
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-460.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        6⤵
        
        PID:17996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43199.exe
        5⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        5⤵
        
        PID:15304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27220.exe
      4⤵
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59612.exe
        5⤵
        
        PID:16812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
      4⤵
      PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
      4⤵
      PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
      4⤵
      PID:16664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13050.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63781.exe
      4⤵
      PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        7⤵
        
        PID:16244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        6⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
        5⤵
        
        PID:12704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        5⤵
        
        PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
      4⤵
      PID:7444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
      4⤵
      PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11134.exe
      4⤵
      PID:1112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
    3⤵
    PID:824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        5⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33378.exe
        5⤵
        
        PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
      4⤵
      PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
      4⤵
      PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
      4⤵
      PID:17948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
    3⤵
    PID:7668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
    3⤵
    PID:11288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
    3⤵
    PID:18044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28037.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23351.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55333.exe
        9⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        10⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43095.exe
        10⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
        10⤵
        
        PID:17744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
        9⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29994.exe
        9⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
        8⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        9⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
        9⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        9⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
        8⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        8⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
        8⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        8⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        8⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        7⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        7⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
        6⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        9⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
        9⤵
        
        PID:16772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47414.exe
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31766.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        7⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34298.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        7⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        8⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
        8⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        8⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        7⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
        6⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60028.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
        6⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        6⤵
        
        PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
        6⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        8⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        9⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        8⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-586.exe
        8⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
        7⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        7⤵
        
        PID:17956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        7⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
        7⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        7⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        6⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5373.exe
        7⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
        6⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
        5⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36231.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        7⤵
        
        PID:15936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        6⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        5⤵
        
        PID:13404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        8⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
        8⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50932.exe
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42941.exe
        8⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
        7⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        7⤵
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
        7⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        7⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        7⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        6⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        6⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        6⤵
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
        5⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
        5⤵
        
        PID:16756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23517.exe
        5⤵
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
        7⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51804.exe
        6⤵
        
        PID:13756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        6⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        7⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        6⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        6⤵
        
        PID:18052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        5⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        6⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9932.exe
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54623.exe
        5⤵
        
        PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
      4⤵
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        5⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        5⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24420.exe
      4⤵
      PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
      4⤵
      PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
      4⤵
      PID:14128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
      4⤵
      PID:16536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5224.exe
        8⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        8⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22206.exe
        8⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47117.exe
        7⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        6⤵
        
        PID:17848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        5⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        6⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27679.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
        7⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        7⤵
        
        PID:17680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        6⤵
        
        PID:15140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
        6⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        6⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        6⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        5⤵
        
        PID:14004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
        5⤵
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
        7⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 604
        8⤵
        Program crash
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        7⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
        6⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        5⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe
        5⤵
        
        PID:16296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        5⤵
        
        PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38191.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        7⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe
        6⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        6⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        5⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        5⤵
        
        PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57974.exe
      4⤵
      PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        5⤵
        
        PID:13876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
      4⤵
      PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
      4⤵
      PID:732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28704.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63781.exe
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
        7⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        7⤵
        
        PID:18236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        6⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34297.exe
        7⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        7⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        6⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        6⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9480.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
        5⤵
        
        PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        6⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        6⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        5⤵
        
        PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35992.exe
      4⤵
      PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16063.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
        5⤵
        
        PID:852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
      4⤵
      PID:13548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
      4⤵
      PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12786.exe
      4⤵
      PID:17884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
      4⤵
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43687.exe
        6⤵
        
        PID:12816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61365.exe
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        5⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        5⤵
        
        PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
      4⤵
      PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
      4⤵
      PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
      4⤵
      PID:17872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
    3⤵
    PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        5⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        5⤵
        
        PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
      4⤵
      PID:10464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
      4⤵
      PID:17812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
    3⤵
    PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60237.exe
      4⤵
      PID:14500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52798.exe
      4⤵
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
      4⤵
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
    3⤵
    PID:12804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
    3⤵
    PID:4544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53563.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21549.exe
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        7⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        8⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        8⤵
        
        PID:18728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        7⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        7⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        7⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        7⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
        7⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
        6⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        6⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        6⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
        6⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        5⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        5⤵
        
        PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12229.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        5⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
        7⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        6⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
        5⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
        5⤵
        
        PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        6⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        6⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        5⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58034.exe
        5⤵
        
        PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
      4⤵
      PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe
        5⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
      4⤵
      PID:12464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
      4⤵
      PID:5376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
        5⤵
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21059.exe
        7⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45630.exe
        7⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2105.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        6⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        6⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        5⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        5⤵
        
        PID:14252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
      4⤵
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        6⤵
        
        PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
        5⤵
        
        PID:14120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
        5⤵
        
        PID:15396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16723.exe
      4⤵
      PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5224.exe
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
        5⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        5⤵
        
        PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
      4⤵
      PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
      4⤵
      PID:14120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
      4⤵
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        6⤵
        
        PID:15412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        6⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
        5⤵
        
        PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
      4⤵
      PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        5⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        5⤵
        
        PID:13856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
      4⤵
      PID:8680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
      4⤵
      PID:12384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe
      4⤵
      PID:5396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        5⤵
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
      4⤵
      PID:10316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
      4⤵
      PID:15696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21097.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
    3⤵
    PID:12148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36799.exe
    3⤵
    PID:1524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
        5⤵
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        8⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        7⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        7⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
        6⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
        7⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        7⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34210.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9932.exe
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        6⤵
        
        PID:16368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
        5⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
        5⤵
        
        PID:17712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
      4⤵
      PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61555.exe
        6⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        7⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        6⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        5⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        5⤵
        
        PID:13704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3764.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        5⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        5⤵
        
        PID:15896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
      4⤵
      PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
      4⤵
      PID:11604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
      4⤵
      PID:6628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
      4⤵
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        6⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47798.exe
        6⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        6⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        5⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        6⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15984.exe
        6⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        5⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        5⤵
        
        PID:14120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        5⤵
        
        PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57331.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8279.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        5⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        5⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        5⤵
        
        PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40433.exe
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        5⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        5⤵
        
        PID:12972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37632.exe
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
      4⤵
      PID:16148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37807.exe
    3⤵
    PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
        6⤵
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29994.exe
        5⤵
        
        PID:15076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        5⤵
        
        PID:16684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1425.exe
      4⤵
      PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
        5⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        5⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        5⤵
        
        PID:15748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9480.exe
      4⤵
      PID:11736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
      4⤵
      PID:15572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
    3⤵
    PID:6124
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 636
      4⤵
      Program crash
      PID:8656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
    3⤵
    PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
      4⤵
      PID:15884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
      4⤵
      PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
    3⤵
    PID:14072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
    3⤵
    PID:4400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7590.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
      4⤵
      PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55120.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        6⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        7⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        6⤵
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
        5⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52474.exe
        5⤵
        
        PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        5⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
        6⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
        5⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        5⤵
        
        PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
      4⤵
      PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61014.exe
      4⤵
      PID:15716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
      4⤵
      PID:17752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62966.exe
    3⤵
    PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        6⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        6⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        5⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        5⤵
        
        PID:17916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
      4⤵
      PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36767.exe
        5⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        5⤵
        
        PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe
      4⤵
      PID:16344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
      4⤵
      PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
      4⤵
      PID:14900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
      4⤵
      PID:15560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
    3⤵
    PID:8624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
    3⤵
    PID:5180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
    3⤵
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        5⤵
        
        PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
      4⤵
      PID:11560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
    3⤵
    PID:8068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
    3⤵
    PID:3252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
  2⤵
  PID:1888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
    3⤵
    PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
      4⤵
      PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
      4⤵
      PID:15028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
      4⤵
      PID:13768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
    3⤵
    PID:11540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
    3⤵
    PID:13404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
    3⤵
    PID:4572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
  2⤵
  PID:7696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
    3⤵
    PID:10892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
    3⤵
    PID:15616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
    3⤵
    PID:15712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
  2⤵
  PID:11716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
  2⤵
  PID:13984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
  2⤵
  PID:16488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 6124 -ip 6124
1⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 13720 -ip 13720
1⤵
PID:15612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 9148 -ip 9148
1⤵
PID:15932

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:14764

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14236

Network

DNS

4.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.159.190.20.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

98.117.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.117.19.2.in-addr.arpa

IN PTR

Response

98.117.19.2.in-addr.arpa

IN PTR

a2-19-117-98deploystaticakamaitechnologiescom
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

0.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.159.190.20.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

4.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.159.190.20.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

98.117.19.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

98.117.19.2.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

0.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

0.159.190.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe

Filesize
468KB

MD5
5e442c3ab41edbaadf00620e169a432c

SHA1
30f655efd4110cc3e03ec09454fc385b8d30a504

SHA256
9d2aedd4bdbb3c9a0dbf5831b4dae37a53657e9e9b908ac214950160f963db37

SHA512
d8f716759dbc3522501d6da94ccf986ff5ad89a9d12f81d2829e32f0bb57362e87213f06d53df84451f5c38106b73775480b914a548d4bedc09daa63a3743399

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe

Filesize
468KB

MD5
05c5107c0e098199300c33075065e5d5

SHA1
2059d7cdceaaa80acf6861aaa46a189f1cfc3038

SHA256
f159f69d489bcf51dfaa42ac25fc0b9e0f9e6be49996e70a8702aaadc1bef5d1

SHA512
b81ac6049aea0cd9ab35087ecaf3355656512d3ea224282f08af57b881794e5acbf3c8ee7bf297b976a764116e6b19edc82a94a657be25e266591f285164a1b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe

Filesize
468KB

MD5
96701e4b6900b5c652953cd4d6a8c3e9

SHA1
4002294fd380ae7fc2f51a24546dad4e5bed4149

SHA256
16ca8ab5edfc1e48a9010b545247574eca052b9bb5444d935cd886792cc1585d

SHA512
b6072de5ce82af7b1f913a2af823410140f6facf042ab7e207d5b4f7c8360e232562911a6208192bc1acf94f0c4d62537ff698f18b71ee77f229c8216bd02fba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe

Filesize
468KB

MD5
fd084b472e6a8681887330b159b9ce42

SHA1
5ef77054876bfeb04e215c185258dcb7a793767e

SHA256
57dbf8a1eb6f6da7909fd6de63f4552a8f336666426f434ce3e9b3ce8a9a8ac2

SHA512
656bd3f9eafc9b355838e6496e68f167232f73eaeccc6b45887a2a1b6444c902f5015446b33d2cd65bb7f364e3fd759296a3dcd3f2376b629a9f75dae48235f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe

Filesize
468KB

MD5
5e67430f1bfe3db1dc780d36566a32ef

SHA1
907831cf5b3f52d0204bac05b100400e9d4a618a

SHA256
aa7c202adb4dd9eab76172ae5aea42732fc5029299963a70905aaaea26a478f7

SHA512
c3ed373f83ec5a65772e2ff9b4b1b6f4dd34782e6671d6cf08a91f5267d0706861dab129b10e6765226282923d1249c41405a5e6a30a6fb9491fa932d2dc7e8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17923.exe

Filesize
468KB

MD5
00d834d886e69217ecb17ab11e7e7547

SHA1
9a6c12b330a60d7aa8684caf49debf43081e93bb

SHA256
32b4a3e8b5dd6769afc7e3893ff299ae23f277974703461d1354ce05a57d7bf7

SHA512
604bff4643f0762b8c33af70bb6bb2c9ecdd4bd674eac0b2f144daecdfb8a9205432e8d258ae94bd526071cf124923d2011b28a217c65a4370aef09d11207e4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21855.exe

Filesize
468KB

MD5
c08e3c3e2c0f9257b773d5d7737cbdcf

SHA1
affbefeffb027cabe2b9e278b0e336e61927059a

SHA256
abaf22f60ecf61ca04512991d70970474db4379e5c9e3031a63885bb5bee7196

SHA512
34bfb6347b9c90190ff945822b73ff2bfbe4741d58e2e956a044038c4317768f01ed81b17209d24c80c0072e61bffce17107147cef10c9330da2aaf2823de8db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe

Filesize
468KB

MD5
93f7de35175e8ce0644a656a1aacec59

SHA1
16c0ca03d0ca736266327dbeb634e8b246ecfd84

SHA256
c5e4a943f0df2279ed1fd9a25849d81846f06e4bb85918c9544cccfaeff5a836

SHA512
53673090ebcffccc70bde1827564c8c1051ed3aa70ccc93dc3d820ad0ac6844345be681aae25d6fc5244ab4503e5e05aaeb6fe81d5d1c968ec655566f95ac8c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe

Filesize
468KB

MD5
146d8bd77b766e39d1fc88d612a372b1

SHA1
a81c44a548a0f305b5456424a9eaa3f6a6f9f059

SHA256
4ca4cddf15e7397abd4727e945fb4b5fc3a78e4aa71aa53208a46532382afe89

SHA512
6344e475a37bc3fcb39660b9c89c2840be96012bbb23d79ec4f21bf7a6ba73ee37f9ce00b812f880a0ee4da27e1e2c6512daa068dcb8f62dc3f34879cd1e0b7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe

Filesize
468KB

MD5
88624f5387059cb3c3f41d4973fcbdbe

SHA1
3f2ec64bf7d5b57bc87ec37626d8883836a1e19a

SHA256
fc28a6b24bf5eec1d22a979caba3c1a69a2936871d45d63804423b7968a84b47

SHA512
5a112e34501137ee69dff54845bf8371e03e4ac8a89dd62816cc0ce26ba36e6d3dca66dfe886b3c3059a3130b027efb9b770d7f514d063db5dcdc967e20384ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe

Filesize
468KB

MD5
b7051235a20a39da837592eab3e5d53d

SHA1
f75a9a9f9977cf0ae13cdf9c81aeb8f954e8240a

SHA256
fa74cc175afce77049f71cf198353f4a2e7a7559ddfc6a3af9cf4b88fed88dc2

SHA512
de56ce3297af7d8943c0018e6d827452c265fee2ed7aa818d194315a539aae46b4c9832464779f63167d094c72ec9bd9872ddc149113c4bdcb5209d3f92962e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe

Filesize
468KB

MD5
1cb691eeba372896fa703ed0a0fc5b4c

SHA1
2c49846aa90f9a2ae434319737dbe5c2485878b1

SHA256
9688e3c9c36acf5e93b85ce3c6e44a6eebffdf3d9d4d74df6aedc088c7fe6310

SHA512
d20db38bb746d56cfb1caea704ad6a775c46d820747c19c19c306c67874a9467bde9c6c60ba318a6ac3cc742a46c188c18d30e13d61dbd1ae39851c6d4aaccb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe

Filesize
468KB

MD5
fe147cfb0410baa6e8ac7834c264ca4c

SHA1
6f267b6652d6c35cc1dbaf6a562edac2cae5b146

SHA256
8dd6ed0377155f6d81a9f53a4b49f74e9e5b8c8cb1df4d25a70c6f5a352c6aea

SHA512
cc745177d55d8333fdc3943ee476b459bf7f9819e79a353fe509b18d1ae5b6583644e450f205d38622cc30f26be353535f1f9079da628af8bc4619749db55947

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28037.exe

Filesize
468KB

MD5
2bac2752395b96accacb61bceaecc300

SHA1
e81e452e338a93876a345a358adac6261329a56f

SHA256
3388dea56eeea160b558b25376e02200de65804ee37a0d8d7df7565d9df832a3

SHA512
86686f95e54e5dfddfcde4816eb64ddc56ac6fec613e0783787da63c935c461f718f99fe76d8599c75dabe707640b5745053d13430714262b30d6429bcb13b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28704.exe

Filesize
468KB

MD5
4b7ead3b49864c7548ba5246390656cb

SHA1
01c497add855ceead4000c2205e7c5f8c940325b

SHA256
da78b504728f8ab6fd6a4792bf4396cca860217130e33b048fcf0f33f97fa058

SHA512
bd0df21d2aac6a8a3a162bb99cdf827a21110a27294bc2db149c1bc768256c2124fe74739b03f89026618764a81bf8be61206c7028f48f9c7381636830ed00a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe

Filesize
468KB

MD5
8c80b1915ac8c29e56a61bcabd7f7f9a

SHA1
8c60f733440cdc65a1265fe8bc17eef217806860

SHA256
cbe2845628390fdacfe93dd5a90652a82a03e13a7ec2e66b4c74fd82af9b5806

SHA512
1bc22d8e5b31715a4407b53254367e04c72ca8be38f98117545949b3f61b74650e2f9c7028154d8299d501984cbd4f87577223a9f118c07261eb8bbfa76742b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe

Filesize
468KB

MD5
9eb0b333b2c3156e6854a7771306b463

SHA1
57300499e23992043663d5a7531fa795000bd1bf

SHA256
dc0c5fcd74994a045c946335ad22c07b808040257dded4472c86cff6fbaa16b8

SHA512
4249286e25ada1cd4377df018f3a7211a714eba0aa0179dfba1ee020915a16ebc27912aad7789347452ef5219a8c42606b9958db719ce93e9c81744337d08af3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe

Filesize
468KB

MD5
0c518a17e46ae19682c8f766f30adc24

SHA1
96769b58211a68a39ccc9d9ad1ffb84ed9c10169

SHA256
64b191bd4490abdcd29fc706bd82e408ecd921958de3e1ce000fcf0d6ed8eb0b

SHA512
24c91f5b252519303c8ce5fb95f7d185f83451827b3d95e504ce51b28f4c772b7d00de4cf8a31bd526f0813ad62fa1300f91eb7853db6af1515d4548b3d4695c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe

Filesize
468KB

MD5
41320cd23bf89ae644d5046fa823467c

SHA1
4f7b335020fd4d086f1c42b90da1c2e04a183c5e

SHA256
b33c68320bf6fc63b9a5791acda830b765219ea5a24848de433ef1b233690e83

SHA512
c77bf15d9cae9d803448d9f2eea2aa9d796b7479d0b8f7686e74bfca51056660cb54102aabdd7f88a63e71f4ac65a05551572de9a67943a3bc16187ac795c58e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe

Filesize
468KB

MD5
ebd9f422b8ee59c6a40d1f791b5be151

SHA1
5bcadb1202efae722e5fd1b6ebe05417209bb670

SHA256
50f63f9f74c1f23a6a769caffdd310969a1d1a226eb7e43c9e18643bfbb2b46c

SHA512
61e15592d338ea95378f48bce87b426b3802b838b7bcbce1b08ef1626664023f6b8767da8c9adb010c3361689e78c5a259ef4d61cabee089023a7cc48de68465

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe

Filesize
468KB

MD5
0d8aa972309ad0cb3577f2ad52a6f71f

SHA1
5637b4dc9aa69c34e97d3f6771080f30f1f20f49

SHA256
944b1d6834222f0540e0bafdaf493c6c944a375c6e0e4da3b93e24bc60dc1222

SHA512
54ce87861ec518f7ef389d8bcb81e79ae07d3b0fa132ed9ee3b257dfeada9faa4d7541a2910de99a4f1b795fc651c4be078a11a6352a1be0ad5b02bc16f81e64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe

Filesize
468KB

MD5
ab608b148a92dfd09d4699d72c22beba

SHA1
05362ea82026a2793d6b82ce1acc522e12aad27c

SHA256
d1266b911713a918373aa052aef8bb7b64a269a73e06b17972743fe4a7858890

SHA512
ad17998ea960d6d6d46d33d8a5595153f341e79439c7f0b0b2ff31456e54313729e79454b6289282c62ebdab43a075ffe7f08a10ca6fa3d36a1e89cceafca8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe

Filesize
468KB

MD5
d91f3831eac19156ce04e36956977036

SHA1
bc3502efe7ab931185c5cc2d889c9166a612d216

SHA256
7a8214e617e64fb83aad11de3942e5e7f2c633386c399b38869e777024aee3e6

SHA512
27f4d1e52c9ffc5cc900bdcb2d41eec17f46997f719be20b22743337e54a13aea3eb37a138d38c3b0e3f4fe69a7f0fe7de74bfed35173e35ce173969bae7932c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe

Filesize
468KB

MD5
7a87a64d4e5328c6f39b5a4a704d8e31

SHA1
4cd2060eca0b4cf6c8006366767104e2ac53f449

SHA256
fd55a832ba7b23feabebb8d83dc65e4d297986c5134f6b2ac6ebbd11730a0fa7

SHA512
2a576b9ca52c8e032df159dad1f52e2847d5db52f77ec132626360a1c9f144415c9c2cafcae1aaa36996c9ce61c3125aac9495433fa6564632e1ac8c239d9901

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe

Filesize
468KB

MD5
f32ed7d2a9eda1e29f8d7ff0cede7082

SHA1
f5748d082ca0496241652a666e67dd9d0540292a

SHA256
f20a5e64f02ce583a1076c322c40347a4c8df97a4f718b3540bd303aac2f0411

SHA512
2c9260767727152e20f655509b2842cf34809673521533f3488e3b30711a77ae41dd3c424ec58573250cfea73d2bb6f6ebddb41894ac050c921ff485ec93c35f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe

Filesize
468KB

MD5
ace9dcef992d7c033f3ab5a250ee40c6

SHA1
3901bce75c6ff6b96144f88d27c1d5a6fd8c721c

SHA256
a1184f08ad5a7bcdbeb7a1531068a7b40321fbde2cfe33cc445ef7e0ef10099d

SHA512
7011ee9eb5bd4a70e77f7a6ffa417ad1fd026dcaffa0d65bb9653c010bb72a7a99220296afda5fe90c9454fb523e90136bdfac30d89e35601cb29f744e58f342

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe

Filesize
468KB

MD5
7a3018ca34ecd880b4070a0da4c0e209

SHA1
592408c1c841ffa1ab63ea4b3949ab1b68f4d922

SHA256
a80b3249df0a751c6b45904dab2a29cf985e511060fc2f030b7509c8424019ab

SHA512
e4c4c9f46160b504b39f90797896b7c838f84025fe5038d21c450c9aacef23175e4635d89061f200aa26b8b99d750238d38f9c65ad2a467709aefc537633d7ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe

Filesize
468KB

MD5
f694b9583866102b8dae9015b816fe09

SHA1
ac5227b4646dfd599f9fee8059521a8fbd4528f1

SHA256
1f59a217774c06b400eb21ec99446d3eec0b10dcc246633cf29f0377e6d29b1e

SHA512
8e380e453b6dd45e307e19a47da513324454db9374523b80a76f34eb50670f93dec2d4e82fa238d1b5d0a98b45cef6dfb8005d2f1ea3e72af155d3a51c3bf1c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53563.exe

Filesize
468KB

MD5
bcb0597b9851f738fa133e0351f10368

SHA1
3f464e4c13004cddde41b81b854f1cdbea86742a

SHA256
b21a4ef0b4e52daad64d15c9aec088fd50d57ec0247e2455010741bd2f710bb3

SHA512
64ed4ddd6aec0f55afd70c689d300ecf5daa0d6bbb3b2e312580e1afc67e7bf20cda2a51e6e039d966d98fb3d282cd6d8df56d5c60157f4be07d99456c3ee05c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe

Filesize
468KB

MD5
345bb7526ab3db1de0f40393d4d2c641

SHA1
197963ed841741df64b4e898a8abe395442046cd

SHA256
5800a3ec16a65e75c623058fdf6ecba7a7e6f5675fc271831af29b5a6347bad5

SHA512
ac55327cee17db92c882adcd679f3212183a86bddb45cb4bd7b40549b720d34ec732f8bd854f821f58b262014e745fae22c777312d85fa4d70622dabf16e1ff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe

Filesize
468KB

MD5
6159d6500c5b9b149c282ee00fdf21fe

SHA1
cfb4dc2042002dcca9b71364de08541fea77b0c5

SHA256
74e14c484cbeeff1c973c1e223641ea8bf037922c9ac12cd8402387f3b340471

SHA512
b17c6ab1a5bb2dadc069f2b31499182dcab7a6f565881038818c378c70459c43172d21ed53cf54632ecf027925610e9b2447d69288c9c80ad04e4550a33f19fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe

Filesize
468KB

MD5
36df580ae023d598e5951dd1bca80f95

SHA1
f2c20496ea04ea063e01ea2c244cf7a143c2afe2

SHA256
b4f10deb9e5f0456754560951e075144a5181a5ddf9eb8ed4b8af3449ef9d53b

SHA512
fc8778c999df1cb3889cf3cdcd6d8512789e0530910d5fe320cb50440d52d4c429bba9d221bf54a6e874ebf702b2707a82cbfb49bf61a87c878da788f9bdc665

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe

Filesize
468KB

MD5
540e9c77033c4c093a3dc6c8a81ad193

SHA1
516b7daee46e77eadeca984f364eeba03dfb95ec

SHA256
91927e2c8db967531949cc8ffab4620fcdf3215f49769a4e92db917a8e26ea5a

SHA512
12510c4437a3ddf37acc80dd4877f2c84e9996f3d54d54963be8d8ff65a8447918969339ee6c1292e7d8115f3422ee75df9f5a4d7e0bf2447357a832d6c7fd41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe

Filesize
468KB

MD5
e2a53867f7ef586177c6731ed6726874

SHA1
5a2e0c53ed929ef876c4e33846c1e7662f5a28b6

SHA256
33a52aec7bd3aa49fd083c29a303c2b59f9a4e2c0a161c40943308c956b707c1

SHA512
03651032c0c9285ca5c0c02873cc15bf7e3cdb6cf3ff34f2355a43baeb7a3d62a02a9f5290c2d7533e1aab703768694a0ae07fd78f13cba092b9d83a0e115637

Download Submit
memory/116-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/316-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/332-574-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/396-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/408-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/456-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/664-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/712-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/768-226-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/824-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/832-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/876-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1004-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1044-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1124-573-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1128-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1144-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1176-547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1176-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1224-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1300-254-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1336-123-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-523-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1400-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1416-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1544-426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1548-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1672-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1764-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1776-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1804-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1848-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1904-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2000-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2024-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2076-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2080-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2088-165-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2136-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2172-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-243-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2208-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2216-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2352-537-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2428-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2436-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2436-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2448-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2484-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2644-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2800-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2812-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-580-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3020-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3108-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3116-453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3204-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3208-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3264-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3272-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3528-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3700-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3744-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3924-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3940-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3944-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4000-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4044-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4084-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4104-205-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4224-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4328-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4336-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4376-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4412-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4424-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4436-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4452-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4532-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4604-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4608-99-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4680-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4688-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4804-470-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4812-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4820-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4912-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4928-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4932-471-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4980-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-497-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5412-5037-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13984-2706-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14608-3275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15252-2587-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15420-3236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15796-3144-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15956-2801-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16188-2816-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16520-5017-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17956-5156-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17980-5169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/20964-4641-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.