3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b

Analysis

max time kernel
150s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe
Size

468KB
MD5

cc989a435c0c0671886800999761ddad
SHA1

4d8eb223e33401ffd8261f4e3c451fcfe3240df3
SHA256

3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b
SHA512

55d57d60ef6739cd3bc6bc364fb498e93fa06d71eea5a9c83b4c4ddcc3c996fd6b41d7e652c474b09e74aa58cd1c65f75d98947c1d3ab039fbfc15e7e5ad611e
SSDEEP

3072:8q2soXWxj28U2bYcPz3gqf8/lCZjG4plPmHx8/HtvOC+2A0N+nlS:8qhoAXU2XPDgqf0EcIvOFn0N+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
656	Unicorn-42151.exe
1160	Unicorn-26775.exe
852	Unicorn-10993.exe
2716	Unicorn-40733.exe
4808	Unicorn-60599.exe
4732	Unicorn-58553.exe
2332	Unicorn-15243.exe
4436	Unicorn-44045.exe
4828	Unicorn-48129.exe
780	Unicorn-28263.exe
1764	Unicorn-46083.exe
940	Unicorn-17403.exe
3720	Unicorn-53894.exe
4072	Unicorn-44521.exe
5088	Unicorn-50651.exe
3164	Unicorn-55311.exe
4576	Unicorn-8803.exe
552	Unicorn-6110.exe
2000	Unicorn-59950.exe
3176	Unicorn-63287.exe
456	Unicorn-12140.exe
4048	Unicorn-57812.exe
4724	Unicorn-51035.exe
1860	Unicorn-23023.exe
4424	Unicorn-10094.exe
4936	Unicorn-52987.exe
4736	Unicorn-26842.exe
4420	Unicorn-50301.exe
3160	Unicorn-19309.exe
4252	Unicorn-65246.exe
4892	Unicorn-25605.exe
3556	Unicorn-56331.exe
3148	Unicorn-21612.exe
3084	Unicorn-7877.exe
3704	Unicorn-64499.exe
3740	Unicorn-18013.exe
3724	Unicorn-37041.exe
876	Unicorn-37041.exe
4432	Unicorn-50777.exe
2628	Unicorn-58661.exe
3880	Unicorn-34157.exe
4992	Unicorn-49102.exe
2952	Unicorn-7514.exe
1248	Unicorn-60037.exe
4776	Unicorn-26565.exe
1576	Unicorn-64068.exe
4492	Unicorn-53207.exe
1332	Unicorn-38047.exe
2832	Unicorn-61467.exe
3656	Unicorn-1795.exe
1380	Unicorn-2060.exe
2104	Unicorn-12921.exe
4788	Unicorn-31587.exe
4384	Unicorn-24619.exe
1464	Unicorn-114.exe
3056	Unicorn-114.exe
2732	Unicorn-64836.exe
1820	Unicorn-58059.exe
3124	Unicorn-64281.exe
2212	Unicorn-53975.exe
4868	Unicorn-64281.exe
1872	Unicorn-44416.exe
756	Unicorn-37639.exe
3368	Unicorn-23803.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
6764	5252	WerFault.exe	1063
7340	15180	WerFault.exe	778
19392	17392	Process not Found	954
5992	15624	Process not Found	854

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51990.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
14604	Process not Found
14628	Process not Found
14672	Process not Found
14692	Process not Found
1208	Process not Found
14660	Process not Found
10136	Process not Found
2860	Process not Found
10564	Process not Found
10144	Process not Found
10436	Process not Found
5096	Process not Found
10840	Process not Found
5556	Process not Found
10852	Process not Found
5188	Process not Found
5456	Process not Found
5724	Process not Found
2868	Process not Found
3244	Process not Found
3928	Process not Found
2720	Process not Found
1500	Process not Found
2704	Process not Found
2352	Process not Found
4928	Process not Found
5840	Process not Found
5416	Process not Found
1136	Process not Found
5196	Process not Found
5192	Process not Found
15664	Process not Found
17520	Process not Found
16816	Process not Found
15868	Process not Found
11096	Process not Found
7704	Process not Found
11080	Process not Found
7776	Process not Found
11112	Process not Found
14700	Process not Found
15200	Process not Found
10060	Process not Found
10080	Process not Found
10116	Process not Found
9392	Process not Found
8624	Process not Found
9320	Process not Found
9300	Process not Found
10592	Process not Found
7996	Process not Found
8000	Process not Found
10368	Process not Found
10400	Process not Found
10248	Process not Found
10264	Process not Found
15660	Process not Found
10312	Process not Found
10352	Process not Found
8068	Process not Found
5984	Process not Found
3688	Process not Found
10964	Process not Found
10976	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15920	dwm.exe
Token: SeChangeNotifyPrivilege	15920	dwm.exe
Token: 33	15920	dwm.exe
Token: SeIncBasePriorityPrivilege	15920	dwm.exe
Token: SeCreateGlobalPrivilege	5812	dwm.exe
Token: SeChangeNotifyPrivilege	5812	dwm.exe
Token: 33	5812	dwm.exe
Token: SeIncBasePriorityPrivilege	5812	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe
656	Unicorn-42151.exe
1160	Unicorn-26775.exe
852	Unicorn-10993.exe
4808	Unicorn-60599.exe
2716	Unicorn-40733.exe
4732	Unicorn-58553.exe
2332	Unicorn-15243.exe
4436	Unicorn-44045.exe
4828	Unicorn-48129.exe
940	Unicorn-17403.exe
780	Unicorn-28263.exe
3720	Unicorn-53894.exe
1764	Unicorn-46083.exe
4072	Unicorn-44521.exe
5088	Unicorn-50651.exe
3164	Unicorn-55311.exe
4576	Unicorn-8803.exe
552	Unicorn-6110.exe
2000	Unicorn-59950.exe
3176	Unicorn-63287.exe
456	Unicorn-12140.exe
4736	Unicorn-26842.exe
4048	Unicorn-57812.exe
4936	Unicorn-52987.exe
4724	Unicorn-51035.exe
1860	Unicorn-23023.exe
4424	Unicorn-10094.exe
4420	Unicorn-50301.exe
3160	Unicorn-19309.exe
4252	Unicorn-65246.exe
4892	Unicorn-25605.exe
3556	Unicorn-56331.exe
3148	Unicorn-21612.exe
3084	Unicorn-7877.exe
3704	Unicorn-64499.exe
3740	Unicorn-18013.exe
4432	Unicorn-50777.exe
876	Unicorn-37041.exe
3724	Unicorn-37041.exe
2628	Unicorn-58661.exe
3880	Unicorn-34157.exe
2952	Unicorn-7514.exe
1248	Unicorn-60037.exe
4992	Unicorn-49102.exe
1576	Unicorn-64068.exe
4776	Unicorn-26565.exe
2832	Unicorn-61467.exe
4492	Unicorn-53207.exe
3656	Unicorn-1795.exe
2104	Unicorn-12921.exe
1380	Unicorn-2060.exe
1332	Unicorn-38047.exe
4788	Unicorn-31587.exe
4384	Unicorn-24619.exe
1464	Unicorn-114.exe
3056	Unicorn-114.exe
1820	Unicorn-58059.exe
4868	Unicorn-64281.exe
2212	Unicorn-53975.exe
2732	Unicorn-64836.exe
3124	Unicorn-64281.exe
1872	Unicorn-44416.exe
756	Unicorn-37639.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 656	2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe	82
PID 2316 wrote to memory of 656	2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe	82
PID 2316 wrote to memory of 656	2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe	82
PID 656 wrote to memory of 1160	656	Unicorn-42151.exe	83
PID 656 wrote to memory of 1160	656	Unicorn-42151.exe	83
PID 656 wrote to memory of 1160	656	Unicorn-42151.exe	83
PID 2316 wrote to memory of 852	2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe	84
PID 2316 wrote to memory of 852	2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe	84
PID 2316 wrote to memory of 852	2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe	84
PID 656 wrote to memory of 2716	656	Unicorn-42151.exe	85
PID 656 wrote to memory of 2716	656	Unicorn-42151.exe	85
PID 656 wrote to memory of 2716	656	Unicorn-42151.exe	85
PID 1160 wrote to memory of 4808	1160	Unicorn-26775.exe	86
PID 1160 wrote to memory of 4808	1160	Unicorn-26775.exe	86
PID 1160 wrote to memory of 4808	1160	Unicorn-26775.exe	86
PID 2316 wrote to memory of 4732	2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe	87
PID 2316 wrote to memory of 4732	2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe	87
PID 2316 wrote to memory of 4732	2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe	87
PID 852 wrote to memory of 2332	852	Unicorn-10993.exe	88
PID 852 wrote to memory of 2332	852	Unicorn-10993.exe	88
PID 852 wrote to memory of 2332	852	Unicorn-10993.exe	88
PID 4808 wrote to memory of 4436	4808	Unicorn-60599.exe	89
PID 4808 wrote to memory of 4436	4808	Unicorn-60599.exe	89
PID 4808 wrote to memory of 4436	4808	Unicorn-60599.exe	89
PID 2716 wrote to memory of 4828	2716	Unicorn-40733.exe	90
PID 2716 wrote to memory of 4828	2716	Unicorn-40733.exe	90
PID 2716 wrote to memory of 4828	2716	Unicorn-40733.exe	90
PID 1160 wrote to memory of 780	1160	Unicorn-26775.exe	91
PID 1160 wrote to memory of 780	1160	Unicorn-26775.exe	91
PID 1160 wrote to memory of 780	1160	Unicorn-26775.exe	91
PID 656 wrote to memory of 1764	656	Unicorn-42151.exe	92
PID 656 wrote to memory of 1764	656	Unicorn-42151.exe	92
PID 656 wrote to memory of 1764	656	Unicorn-42151.exe	92
PID 4732 wrote to memory of 940	4732	Unicorn-58553.exe	93
PID 4732 wrote to memory of 940	4732	Unicorn-58553.exe	93
PID 4732 wrote to memory of 940	4732	Unicorn-58553.exe	93
PID 2316 wrote to memory of 3720	2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe	94
PID 2316 wrote to memory of 3720	2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe	94
PID 2316 wrote to memory of 3720	2316	3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe	94
PID 852 wrote to memory of 4072	852	Unicorn-10993.exe	99
PID 852 wrote to memory of 4072	852	Unicorn-10993.exe	99
PID 852 wrote to memory of 4072	852	Unicorn-10993.exe	99
PID 2332 wrote to memory of 5088	2332	Unicorn-15243.exe	100
PID 2332 wrote to memory of 5088	2332	Unicorn-15243.exe	100
PID 2332 wrote to memory of 5088	2332	Unicorn-15243.exe	100
PID 4436 wrote to memory of 3164	4436	Unicorn-44045.exe	101
PID 4436 wrote to memory of 3164	4436	Unicorn-44045.exe	101
PID 4436 wrote to memory of 3164	4436	Unicorn-44045.exe	101
PID 4808 wrote to memory of 4576	4808	Unicorn-60599.exe	102
PID 4808 wrote to memory of 4576	4808	Unicorn-60599.exe	102
PID 4808 wrote to memory of 4576	4808	Unicorn-60599.exe	102
PID 4828 wrote to memory of 552	4828	Unicorn-48129.exe	103
PID 4828 wrote to memory of 552	4828	Unicorn-48129.exe	103
PID 4828 wrote to memory of 552	4828	Unicorn-48129.exe	103
PID 2716 wrote to memory of 2000	2716	Unicorn-40733.exe	104
PID 2716 wrote to memory of 2000	2716	Unicorn-40733.exe	104
PID 2716 wrote to memory of 2000	2716	Unicorn-40733.exe	104
PID 940 wrote to memory of 3176	940	Unicorn-17403.exe	105
PID 940 wrote to memory of 3176	940	Unicorn-17403.exe	105
PID 940 wrote to memory of 3176	940	Unicorn-17403.exe	105
PID 780 wrote to memory of 456	780	Unicorn-28263.exe	107
PID 780 wrote to memory of 456	780	Unicorn-28263.exe	107
PID 780 wrote to memory of 456	780	Unicorn-28263.exe	107
PID 3720 wrote to memory of 4724	3720	Unicorn-53894.exe	109

C:\Users\Admin\AppData\Local\Temp\3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe
"C:\Users\Admin\AppData\Local\Temp\3daa1ac131cd73361dde44107eb2ad84ef7612ac7c8084c421074e0ddbadbe5b.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42151.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42151.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        10⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63316.exe
        11⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29091.exe
        10⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        10⤵
        
        PID:18448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59678.exe
        9⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        10⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        10⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        9⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        9⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        9⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        10⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        10⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15661.exe
        9⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        9⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        9⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
        8⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        9⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        8⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        8⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
        8⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        9⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        10⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        10⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19864.exe
        10⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        9⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        9⤵
        
        PID:15180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15180 -s 436
        10⤵
        Program crash
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe
        8⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
        9⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        8⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        8⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20792.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
        8⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        9⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
        9⤵
        
        PID:17168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        8⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42714.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
        8⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
        8⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        8⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        9⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40431.exe
        10⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        10⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        10⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31063.exe
        9⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        9⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        9⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        8⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13570.exe
        9⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
        8⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
        9⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        9⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        8⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        8⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        9⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        9⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
        8⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
        8⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
        7⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37539.exe
        6⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        8⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        8⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49259.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
        8⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
        7⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        7⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        7⤵
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        6⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        7⤵
        
        PID:18556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
        6⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        8⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        9⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        10⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        9⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        9⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32270.exe
        9⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        8⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        9⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        8⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        8⤵
        
        PID:18052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
        8⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        9⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        9⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        8⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe
        8⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        7⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48293.exe
        8⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe
        7⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        7⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
        8⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        8⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        7⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        8⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        8⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        7⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        7⤵
        
        PID:412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45693.exe
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        7⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        7⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7685.exe
        6⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        6⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16706.exe
        6⤵
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        6⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        8⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        9⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        9⤵
        
        PID:18604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        8⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21856.exe
        7⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        7⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20037.exe
        7⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26048.exe
        7⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        6⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        5⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        8⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
        8⤵
        
        PID:17200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
        7⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        7⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24649.exe
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        6⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        6⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40839.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        5⤵
        
        PID:13192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
        5⤵
        
        PID:15312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
        7⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        9⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        10⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
        10⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56502.exe
        9⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        9⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
        9⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        9⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        9⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57734.exe
        8⤵
        
        PID:18564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        8⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        8⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe
        7⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54250.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        7⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        6⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        8⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe
        7⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        7⤵
        
        PID:18688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        7⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
        6⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        6⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        6⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        8⤵
        
        PID:18628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
        6⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5040.exe
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        7⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        6⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6684.exe
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
        7⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65231.exe
        7⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        7⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39205.exe
        6⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        6⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5460.exe
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5952.exe
        6⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        5⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21465.exe
        5⤵
        
        PID:15932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11131.exe
        8⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        8⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22895.exe
        7⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        8⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
        8⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11436.exe
        7⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
        7⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        6⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        7⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        7⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
        6⤵
        
        PID:18028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        7⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        7⤵
        
        PID:16328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        6⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
        6⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        7⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        7⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
        6⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        5⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
        5⤵
        
        PID:15376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28101.exe
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
        7⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        6⤵
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        6⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60910.exe
        6⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        5⤵
        
        PID:18644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
        5⤵
        
        PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
      4⤵
      PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        6⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        6⤵
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        5⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        5⤵
        
        PID:15608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
      4⤵
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        5⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
        6⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
        5⤵
        
        PID:17092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
      4⤵
      PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        5⤵
        
        PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
      4⤵
      PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
      4⤵
      PID:15624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        9⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        10⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        10⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
        9⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
        9⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60342.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        8⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        9⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        9⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        8⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        8⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        7⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        7⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2503.exe
        7⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        8⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
        8⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        7⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        6⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        6⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        8⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        9⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        8⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        8⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64835.exe
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        7⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        7⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21856.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        6⤵
        
        PID:17412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe
        5⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5210.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36399.exe
        8⤵
        
        PID:18428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
        7⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        6⤵
        
        PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        6⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
        6⤵
        
        PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
        5⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59950.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55921.exe
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        9⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe
        9⤵
        
        PID:18824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
        8⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25517.exe
        8⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31176.exe
        7⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
        6⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23803.exe
        5⤵
        Executes dropped EXE
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21085.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        8⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
        7⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        7⤵
        
        PID:15508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        7⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44657.exe
        7⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22982.exe
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
        6⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43714.exe
        6⤵
        
        PID:15872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34032.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        6⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe
        6⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20113.exe
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
        5⤵
        
        PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        7⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        7⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        6⤵
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        6⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        7⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49259.exe
        6⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        5⤵
        
        PID:18788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
      4⤵
      PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        6⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        7⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        7⤵
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        5⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59373.exe
        5⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        5⤵
        
        PID:13928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        5⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
        6⤵
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        5⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        5⤵
        
        PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
      4⤵
      PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
        5⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
        5⤵
        
        PID:18100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
      4⤵
      PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      4⤵
      PID:15452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        5⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        6⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        7⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        7⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        7⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        6⤵
        
        PID:13044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        6⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19614.exe
        5⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        6⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23789.exe
        7⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17571.exe
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        6⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1541.exe
        6⤵
        
        PID:15220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
        6⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53207.exe
        6⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
        5⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24252.exe
        5⤵
        
        PID:18084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        8⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        7⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        7⤵
        
        PID:18376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        6⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        6⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        6⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
        6⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40779.exe
        7⤵
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        6⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        6⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21856.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
        5⤵
        
        PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        5⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        6⤵
        
        PID:19196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
        5⤵
        
        PID:15720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36736.exe
        5⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        5⤵
        
        PID:9448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
      4⤵
      PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:18076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34157.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        5⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        6⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe
        7⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53650.exe
        7⤵
        
        PID:18320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        6⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
        7⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        7⤵
        
        PID:16024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        6⤵
        
        PID:18612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        6⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        7⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
        7⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        6⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        6⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17772.exe
        5⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        5⤵
        
        PID:16048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        6⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
        7⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        6⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        5⤵
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        5⤵
        
        PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
      4⤵
      PID:10728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      4⤵
      PID:1816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24017.exe
      4⤵
      PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
        6⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        5⤵
        
        PID:13740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        5⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        5⤵
        
        PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        5⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
        5⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        5⤵
        
        PID:19324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
      4⤵
      PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
      4⤵
      PID:13828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
      4⤵
      PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
      4⤵
      PID:17436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
    3⤵
    PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        5⤵
        
        PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31176.exe
      4⤵
      PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
      4⤵
      PID:16240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
    3⤵
    PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
      4⤵
      PID:8364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
      4⤵
      PID:18020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
    3⤵
    PID:9436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
    3⤵
    PID:13708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
    3⤵
    PID:1512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40353.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        8⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        8⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        8⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19579.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
        7⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52402.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        6⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38307.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        7⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        7⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        6⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        6⤵
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1743.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        6⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
        5⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56392.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3186.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        8⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        8⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        8⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53045.exe
        7⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        7⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        7⤵
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
        7⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        7⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        7⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        6⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35356.exe
        7⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39449.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        6⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
        5⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        6⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        5⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
        5⤵
        
        PID:18092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
      4⤵
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
        7⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
        7⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        7⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        6⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        5⤵
        
        PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        5⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
        5⤵
        
        PID:10572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
      4⤵
      PID:10696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
      4⤵
      PID:13184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45179.exe
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20499.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        8⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
        7⤵
        
        PID:18116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        6⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39587.exe
        6⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        7⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        6⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22539.exe
        6⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
        5⤵
        
        PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        5⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        7⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        6⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        6⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27186.exe
        6⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        5⤵
        
        PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
      4⤵
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61204.exe
        5⤵
        
        PID:5252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 220
        6⤵
        Program crash
        
        PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
      4⤵
      PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
      4⤵
      PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
      4⤵
      PID:17488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        6⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        7⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        7⤵
        
        PID:18336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
        6⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        6⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        5⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
        5⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
        5⤵
        
        PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
      4⤵
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
        6⤵
        
        PID:14284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        6⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        5⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        5⤵
        
        PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
      4⤵
      PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        5⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        5⤵
        
        PID:17392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
      4⤵
      PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
      4⤵
      PID:17248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46991.exe
    3⤵
    PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
      4⤵
      PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37027.exe
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
        6⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        5⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        5⤵
        
        PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe
      4⤵
      PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62579.exe
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        5⤵
        
        PID:18064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
      4⤵
      PID:17088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
    3⤵
    PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
      4⤵
      PID:10404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51946.exe
      4⤵
      PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
      4⤵
      PID:15668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
    3⤵
    PID:10120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
    3⤵
    PID:13784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        7⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        8⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        8⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
        8⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58194.exe
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23602.exe
        8⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        7⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12080.exe
        7⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        6⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        7⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        7⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        6⤵
        
        PID:18620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8540.exe
        5⤵
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
        6⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        7⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
        7⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
        6⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
        6⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38630.exe
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        6⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
        6⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        5⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21085.exe
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        8⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        8⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        7⤵
        
        PID:17424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11629.exe
        6⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        7⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        6⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
        6⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
        6⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        7⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
      4⤵
      PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        6⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48293.exe
        7⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
        7⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9979.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        6⤵
        
        PID:18144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        5⤵
        
        PID:15392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        6⤵
        
        PID:14956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        5⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        5⤵
        
        PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
      4⤵
      PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
      4⤵
      PID:13536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
      4⤵
      PID:15116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
      4⤵
      PID:17044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57812.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39253.exe
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        8⤵
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        7⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39205.exe
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        6⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
        6⤵
        
        PID:18572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        5⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        6⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
        5⤵
        
        PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        6⤵
        
        PID:14304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        6⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe
        5⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49663.exe
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        6⤵
        
        PID:18508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        5⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        5⤵
        
        PID:9472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        5⤵
        
        PID:15840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40027.exe
      4⤵
      PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
      4⤵
      PID:18244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        6⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        5⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        5⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50012.exe
        5⤵
        
        PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
      4⤵
      PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
      4⤵
      PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        5⤵
        
        PID:13640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        5⤵
        
        PID:18584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
      4⤵
      PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
      4⤵
      PID:15632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
    3⤵
    PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25937.exe
      4⤵
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
        6⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        5⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        5⤵
        
        PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
      4⤵
      PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
      4⤵
      PID:18652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
    3⤵
    PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
      4⤵
      PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
        5⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
        5⤵
        
        PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
      4⤵
      PID:848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
    3⤵
    PID:9456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
    3⤵
    PID:13672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
    3⤵
    PID:14992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
    3⤵
    PID:7700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        7⤵
        
        PID:18060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        6⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59661.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        6⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        6⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        5⤵
        
        PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53949.exe
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        7⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        7⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        6⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18453.exe
        5⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
        5⤵
        
        PID:18496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        5⤵
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
      4⤵
      PID:11028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      4⤵
      PID:6204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
        6⤵
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19579.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        5⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34257.exe
        5⤵
        
        PID:18596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52942.exe
      4⤵
      PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58687.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26184.exe
        5⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
        5⤵
        
        PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
      4⤵
      PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21459.exe
        5⤵
        
        PID:13428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47505.exe
      4⤵
      PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
      4⤵
      PID:15544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63003.exe
    3⤵
    PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
      4⤵
      PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        5⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        5⤵
        
        PID:12492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        5⤵
        
        PID:13160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31063.exe
      4⤵
      PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        5⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
        5⤵
        
        PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
      4⤵
      PID:7580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
    3⤵
    PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
      4⤵
      PID:11224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
      4⤵
      PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53265.exe
    3⤵
    PID:11012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
    3⤵
    PID:14392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63933.exe
    3⤵
    PID:17992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7514.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        5⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        6⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        7⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        7⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        6⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
        5⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        6⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        6⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        6⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        6⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        5⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        5⤵
        
        PID:16372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4852.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        5⤵
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36631.exe
      4⤵
      PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
      4⤵
      PID:17236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
    3⤵
    PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        5⤵
        
        PID:18456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
      4⤵
      PID:16368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
    3⤵
    PID:7496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16036.exe
    3⤵
    PID:12704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43671.exe
    3⤵
    PID:1224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
    3⤵
    PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
      4⤵
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        5⤵
        
        PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
      4⤵
      PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
      4⤵
      PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
      4⤵
      PID:15744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
    3⤵
    PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
      4⤵
      PID:10496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
      4⤵
      PID:5620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
    3⤵
    PID:11300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
    3⤵
    PID:3064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
  2⤵
  PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
    3⤵
    PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
      4⤵
      PID:9760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
      4⤵
      PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
      4⤵
      PID:6140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44660.exe
    3⤵
    PID:10680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
    3⤵
    PID:14268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe
    3⤵
    PID:14864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
    3⤵
    PID:15892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
  2⤵
  PID:6324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
    3⤵
    PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
      4⤵
      PID:18420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
  2⤵
  PID:9252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
  2⤵
  PID:15520

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 5252 -ip 5252
1⤵
PID:6052

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5812

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 15624 -ip 15624
1⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 17392 -ip 17392
1⤵
PID:11188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe

Filesize
468KB

MD5
24be75bbceed0c918ecf46f334c2e8dc

SHA1
b8ec14ff83ca0578aacfd9d05e9f4a0d9e482802

SHA256
9d67d31ffbabe3aa7b28bc46dbe1910408fb22b604528cf80ca316942a7ff087

SHA512
0a92d251229b286e42ec375aa1663716496fc8ae943ddb211021e188e78f4749891f9b2e453c279c80cd679e92b46a3973b8697e5a957f493020268b1cb9a278

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe

Filesize
468KB

MD5
2d2e71287dd453ea3f74ddbedae09a8d

SHA1
5312b1d245fde43edc70e8db82b9886de90897de

SHA256
7d5b896dd7772e52adea50f181804d146160c59de985073bd60a476010c6934a

SHA512
c595c3d99bdb0c48b41ffec702aaebe130762b2bcc536f4cd9758f0fd2ca88753f2ea7ab84a61ac29c0df8c72c620581a783242600e6cb3eca06a7abfd8c127c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe

Filesize
468KB

MD5
c9d9802f3d3ed982d4ebd783de5baaec

SHA1
f272b92ed5b942794673271b90a96a5e1b0e7fce

SHA256
69dfe7d3cc6c26b8be1661e97956db2a30a44733814ad3ccea963879d8a7642e

SHA512
f741c6c94a5c192946bdd3f75668047d9e2bcae62ac6404ae577219c0657ecd6cebb8a633641af0cb34e59401e0cae68d5e9bdc0f55e11a89d058cd8e821c27c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe

Filesize
468KB

MD5
50d0a929093cbab48d11bf579a100899

SHA1
350f9e824b742245787f8f1dd601808e2596004e

SHA256
aadbb663a63b1d030d322974e3a3cbba18145f994972afc07689ce5352826088

SHA512
dd1cae63481ce8cc03c4edc9961d77f90079a643f1d34a7fdf7c63b59bd0aff795ae64f1f0721e2a03ae4b68e40bd21c03df573a8ff1a883ef8eaeeb06c6a496

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe

Filesize
468KB

MD5
cea139a90cb6f5e88780a2a67ae1efdc

SHA1
6f6a40150935bf9992c00cc64551797359f0520f

SHA256
bd01c5181d2dba5c0ea6e7395dac97748459b58d3ee13417b70e736d91b54c32

SHA512
ee0f51a324bf3915ced42783a341e43f0575bb2d789537853d372f16a047f8325a5e2e88b4267b29c0f57681f5a2a1ccaf3404b7cb634a07233c2310b623f21f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe

Filesize
468KB

MD5
173caee969b41c6263d8dff33964b621

SHA1
9ab093071fc0ba9c67db683590680479c81cf48c

SHA256
874a2b642b3884a58d49cb5bb9345d3a148ec933a65277d2ed5e42bed96efc0d

SHA512
c14ffcdc04835864ade83d633704cbb39dc7652a104e01e3d2145be643e59d98c5e8dd07d9e5adb8cfae6a7c41b34ca3596440c06aa45088b5fcd304a83e81b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe

Filesize
468KB

MD5
77abec069aa3d571d1f7e8015bd96569

SHA1
c4da361fbfe8e9a9c3b3a9783ef77d8b7cc0a0e6

SHA256
9b804fa3a52b4b834cc757f1ad8189d91f247ba327cb9c29b600172179d5fb3c

SHA512
705dff0c2146dab95524c2f67771f57eb98b94d242438f6f719e6c509d13715a4484aa6166a36af0db97fe51bb234e0b009fb84b3ff1e9b32bcca6e6d8c2e739

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe

Filesize
468KB

MD5
adc7a33064305430898b39229b5734be

SHA1
26902b4ce3a5675463acc37bcd86b3ae1c1c80aa

SHA256
5e468715b765cca4d3e0fc293cb7d9598741232c686dccd7b498ca4a06c01a78

SHA512
d6ab3681cc54c9d0532def9bdcb838d80480df8903b7dd8fe395e7895770cac4f8bb85e56987141714d99ef820256c0dc31df031c82cc73dcef2f5d8b9a1f51d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe

Filesize
468KB

MD5
ff7fb0c5acd8324ec315428f5b9c2741

SHA1
37fbf1ad2eeeeb750918e94ce71c667d44e7afae

SHA256
f268112849a16bea3ce51be42a9268a5b794b7a712658391f08c3ff39e7cb440

SHA512
6643367cec45c6329d3225a524cf5e356ffddc7b7aab89497a72e322ed7c369ae9d56ec7ada02850c4e0050943a39ebb1014df2781d74b44ac5266d5071c3cc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe

Filesize
468KB

MD5
04a4c70d1c843412fba9f2ed36e66b41

SHA1
40ebc372861ee6c83de2ba8d84d264ee89f8fcb3

SHA256
10992e7f376a9e7723cb7a9a886b6c35e1a05dfff3a43773f28438c1e6cd1939

SHA512
4451229b8af175c5e492447802a0bd5795bc058f4df49db8f990611ca0ce29ea1540b2ed2606b03a3ce916d126ef4d669761cd2cd543db9a86ce5276b7ec630c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe

Filesize
468KB

MD5
1d318e84d912064fed0b97618ea21abf

SHA1
dd6ce1dbe18bd28a09cd026af76478374d768962

SHA256
40c3ef526f7b548cfd3d78ed91c83b5f9215b26b6c137fae208eaab8a5486d18

SHA512
78f98d1a20f24e4d67b490386474110bbdc2fa4c0316c584b866883dc3b500354bbfa23665aaee763290f29c37471b6db8df811484aefea88468e48ff5d6e6e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe

Filesize
468KB

MD5
18977b78994029f8a0ff97affde972bb

SHA1
4d4229840033c7e474940bb5e25ad2370fa1b521

SHA256
0580f47ab9c63182f1b848f1661cb7abffb365f6f4ea7d33b818d6502f87cd1c

SHA512
b786b1db00fb7b0a523c7d4d9c918285fa4b7ab21448b747f44884f58c7513e676292d1ff120a4160a3d633df8bd980517a4626ea99a39a9ab287487f62a40be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe

Filesize
468KB

MD5
8943d868f415ddda53aa6b714da57bcb

SHA1
48a3d135e2afe10c1ea0178ad492a13506dfb502

SHA256
21a6a04ed1ad86728a8c9fddd88f642ec72a01ab0e9bce752307ee5799ddbd76

SHA512
1ca218e848dc1b5e11b3006858d48356790dae641536c3c9a1035a9667af7e9682d581b7960913eaedca4b3454a8f55d60e555601a7d89067ecc098d2b766d74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe

Filesize
468KB

MD5
37f8ea0e5d5d570d1abe319e31bde683

SHA1
81e3f0a624a629076e04a9ad1adecbc0be7a08d0

SHA256
0f947ad0039c590e030b9364b679a2ecfae3ea21e4a0ab5993159defc736e966

SHA512
ea97eca1dbb397c205b2b4f5227ed7d414b01425fd3950b865555cb14c1908b1c4917dc31a77b53f40f482d5d278f879cc7fe00d0534adc750ed661a7ede5d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42151.exe

Filesize
468KB

MD5
4be0b1930557900685e9359ad1d0c5ab

SHA1
53adfdd5b974addfc702d1b97c5cc747a2132c91

SHA256
8e77bd5062fe3b9fb974db08e2cf46e63715767772992cc431f3be6d4348259e

SHA512
5663366bc2535206f4cc01c96630697b87d5c366b70916f01ea1dbac4d291aa056fce026f0589e8ac9c266281197a1b3a39ad70d1036e03999e45e8d6a7dab75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe

Filesize
468KB

MD5
bfc6f81043757a9ab1d246dfe0353fc5

SHA1
97cd148da1bdf49181aab8041fc4eabd90cd907e

SHA256
7c70e4728fafa37c4dcd9d554df21651df4918d61b41dc0940a46c72916986d6

SHA512
b50552b3681943c23c3a67d95a332fa1b1dc533b0c1c36046698becd41b46a8eb574ed9e96e1d0c4ac9042135e1b81129e86f6bcabdc003831c98bf2a37ad26e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe

Filesize
468KB

MD5
8c3afc3fc80f3ec0ac497f0d56aa4f93

SHA1
652ac10c23b80e2f28f9f9c5bb8f167a0ff61a9a

SHA256
6a2a4edac3aee05e3e75d981fc8f8c1e0dbb6759a261e56489274876b2bf9efe

SHA512
6df632daa7e0072dc424b5e9f9cd6702732ddb14343ab5be381a5a2528e2f9269066a4c2449490a4734b8e8e4f0831a4120c4ea657ac65b620d0b98f319616a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe

Filesize
468KB

MD5
107b104aa06662bdbdc57a14bd65f736

SHA1
d4cd68928bf67186047dfa5d252559e40453323e

SHA256
37e2c76d8b50bced905ff174b11d55d06abcd60acdbe07c6ca3fc99c2953ae15

SHA512
bd6611da0922bda6784209a2547c75b93b3908a89e75c6ff902499ecdca9e687dce7c3fdb982e324cac77ad3ec20fb4d56fcce21857c97c96ccbdfde97c04529

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe

Filesize
468KB

MD5
e76e6384a867776306ad0f919383684e

SHA1
3b2af7b51c9c260b69c4ea1dd35a9921ee5512c3

SHA256
d04b472a4e29e67334a7d6799e829c83d60e293e430b911b0075fab9d313a2c4

SHA512
96f4ed1b7d1ea77d77436ae7cf8bb387c1a14f801775542f3558a6c295f0de78663b6f4bdd622dbfe843cf3220eaab66456a806f868b79f0cd88c672a3bedb49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe

Filesize
468KB

MD5
cbbde7f506891f5e44c25b82ca2ddabb

SHA1
70bce5b0f3b22877ec85e4a1e3201eab706da49c

SHA256
ce7a7caecfe4205ed93280d4c6772365253c9d2048a6450384d56cba07a942ee

SHA512
4e06a3aebaf7b519ae108e45d9107bc867a890dadb9066a007c28a7d2945f5bc87a13d96f8efcca201b139ff4ad92a37846595e9abb07efe5646437cdd182f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe

Filesize
468KB

MD5
12960f212d63c4bd8df452175c296339

SHA1
317c48620fc366bed90a328ca39a457132be84a3

SHA256
0034b4e8358a9dbf5d0d75d449180e6306648e6c6232af52d4cf3b062f283fcb

SHA512
e5db5ce988c72811d79695b64015f5ad2d241ce5c6b0661961da3b3bc613e0f14110d6a7e1a2c8ec9437056809c6f3c0688a32173870da7ecb40223dec6939ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe

Filesize
468KB

MD5
c03c6b8aa98e8c463ad1340421d4ac99

SHA1
00b657d2a182887d1ff912a15d567e1d5a489309

SHA256
041d3509abe812c27a9247474ac3081d4ce4486d7d27a0f956740b6da5990642

SHA512
f4e46da06303b463603107a599cb5d316821ad23068c3b68df15100cbf451edfcb6a19d518d45a0c9c4810cd4b9a7490b4f10b095a55a29a0407f11a694d3bb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe

Filesize
468KB

MD5
a7a967065c05ca8800940b83880f5f9f

SHA1
80ccc26ab3a86621a7d011911a4072f75492e132

SHA256
9df042e2e87b9829ebf99a13a92da456c7a1d01727a5e7c36e9c341603d43045

SHA512
fc297a5b8b80547808b84af0688634832a7db988242d4b2ebd4ee5aae87cceedfb4a7550e5212419e8c20e5661002ab428e7421913c42ff5920232cb8a8f161b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe

Filesize
468KB

MD5
bc6893e77521dacf8b591d0b18950727

SHA1
888e1bdd496f1ed43a69bda005bb4dc65efc3ddb

SHA256
e35b746c7b62442c809b50fd2aba425deabc1fe15d4a8f00021bde7648d512db

SHA512
0985762c3ae63a9895f4c00203d98b50d4b805ae53f3a57a1acd703943e49fcbc2b75d1a7211937c861775d6b3ba4d9ebbbeb948e5191f9fb7e68576b3234a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe

Filesize
468KB

MD5
c86802a67d237ae387b70f6e9eb2d187

SHA1
ce4c8c40bc2508bbe503b4bb383e253a9030dc1f

SHA256
7221ae489451183061b31946301e2b61b97ddc04eaf461038ddad6253fc592ed

SHA512
13d9ce0263b7e160adc30f69215afb1d05ffce54c5a2bf275eb43085ff9e664cfabcb48cd40a3049bf6418d66593d895f760ed8f7887ea5f4f3887379287396f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe

Filesize
468KB

MD5
6144a6ea917781d43d0344b33345f041

SHA1
6102fb39da017d257f9ab06acf24c0e4a6a44075

SHA256
6b4bc00fbbaf2240f69ac24c70ccb8823494e23e3bab27b5fef0089a6d77a58b

SHA512
567d4022e69ffe0912a3812053d1c703465ee366c7d568392acabc14818459350563f70c71b89030e345279a8647d04c9ea75bf10409d1b63f6e0ad92ab38ef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57812.exe

Filesize
468KB

MD5
748f1142fc84fb421ca63a4df2fb214b

SHA1
0d514d46ebdd4aff3be90feeac974b01243b8011

SHA256
7e80ed951a9b0e4241278b14921ba73e8b2741fef8c348819ecd59d98ed8503c

SHA512
6a95aa267ad2d7f7fa6ed1b10fa219111de307cecd727984e998b76cd738eae835698ee987146b12b3795a7dcbeae3538cb89dbac2c864ae6ac835bfd8ed9251

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe

Filesize
468KB

MD5
77a6d6a3c789f29d0b440e12d0954206

SHA1
b8330096038dc76cde1b702e739e9ade2f518df7

SHA256
a283acbbd7c32abe9be1d9e0e5f053c8474b5245fd9175d8f023ce1ca7ee2ae0

SHA512
abf7918b41a1848aa8fb32536296e3eb6ed8fdedb240c76d3feac35deba0924d684665c82d6bc601e6771dc75fbba26ca2bbc05b5255c1c8e999d71f061758a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59950.exe

Filesize
468KB

MD5
8a1b34fd07fd67a2d12012470a9f9026

SHA1
f48ef1157422acf5cba48c7e72c3feaea926ff78

SHA256
30a1e9c18e52a941acc7a23a5292dab250466b91bf7116aafdcd6eed418a665b

SHA512
02173bf0611193f808b7a7daa6d13180fa1bd46319f4bb16ec5fb1f44c8e3e058ffd691d072430d92583f0e8a7c4898533c04f088f0e9d23fc53d1a63d30a540

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe

Filesize
468KB

MD5
3bed3191d30826b716cc3df36ecdb73f

SHA1
be36e83264f0c84e22c88e887b33bc8da8a47e93

SHA256
cd2fc6fd65c6ce4c5ed4fb6c8cf6965ab72e5987816dffbad0b092fd698249a4

SHA512
6c68748ab45ec927bb0c935d60c22247b77591cdc5afc7818433308f5debaa5ec3cdd32b1de963c0c6e92f63ba2249f40ccd0ff938afa617327ad1054033710a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe

Filesize
468KB

MD5
6468d3d1d18a1f95d0e3ab8bd73ddc26

SHA1
27ad1198137a1bd70a2a0ab9ab3f4183544155bd

SHA256
be1819bc75bcf9a6173e35650a2a097cd485f3c3f5601960e46617a96e556379

SHA512
e658f435efc89b6495d7806e76d543e72ddbc09aa5df560e256fcec4d090da36ef28b22d0407137f787e28c18206f8927a386ec36f7d55bf1d0c8781b5212274

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe

Filesize
468KB

MD5
9350e2f9fbdec24b98188546cf5aac0e

SHA1
19f911b2beb39a00c98034c74ea225b3d22e1115

SHA256
3eb9320a6a59d0e6ffc7717b96aca77dab681038322f1b797c061cf87bf3b0ee

SHA512
f1e1a79eda677a4c8d62c4a4ed51a5818d4284f4188a2d830a7fbb462bc645766c05b396625510811c359c81261043f4736f010ade6bd67ec606363fca51f9b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe

Filesize
468KB

MD5
1bc35019d7f47f1a67aa18e7a23b3964

SHA1
b33ada7adda53421a855d83a16b5f7da6085ca5a

SHA256
e66d5a91ab164c71e1b8b14f875d720cad0c6bca7d14e92eb51807a5943584f1

SHA512
272509e046bab51fad2e305d4f23914afbfd861b70c98b5a19448fbfcc5f5fd7e3a5fd38e533dc43045f6eb360075c6d2cf24fe41dfc8267855c2b90f6894d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe

Filesize
468KB

MD5
d2494ba2327818009eecc980f768b71c

SHA1
cf706f7be9405ed39950530843d361d78af47ef7

SHA256
3998e71e6cfc1acdfbd2cc27d45ef8e7bd9255ab3e258b09cf366a46aa539c6b

SHA512
445b1d4f882414f708a25d534021ed023b0b7b5f88242f3717db2c0965f7621f524c357466632945241d3f01211e7117c73f211fa0451c523139d926a162648d

Download Submit
memory/456-2941-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/456-152-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/552-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/656-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/756-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/772-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/780-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/852-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/940-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1160-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1248-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1332-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1364-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1380-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1464-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1576-296-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1764-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1820-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1860-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1872-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2000-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2104-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2212-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2316-512-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2316-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-2866-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2628-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2716-31-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2732-351-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2832-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3028-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3056-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3084-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3124-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3148-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3160-207-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3164-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3176-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3220-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3312-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3368-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3396-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3548-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3556-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3656-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3704-243-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3720-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3724-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3728-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3740-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3880-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4072-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4100-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4184-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4252-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4344-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4384-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4424-2942-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4424-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4432-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4436-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4544-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4576-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4724-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4732-4854-0x00000000768D0000-0x0000000076AE5000-memory.dmp

Filesize
2.1MB

Download
memory/4732-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4736-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4744-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4776-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4788-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4808-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4828-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4892-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4936-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5016-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5024-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5048-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5088-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5208-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5228-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5288-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5308-513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5320-514-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5348-518-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5360-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5404-515-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5424-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5436-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5464-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5472-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5484-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5512-516-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5524-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5532-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5540-517-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/7532-4768-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/10372-4773-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/10452-4776-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13836-2418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13952-2938-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14012-2626-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14516-2911-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14740-2417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14856-2648-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15068-2615-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15212-2477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15280-2633-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17452-4782-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads