2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941

Analysis

max time kernel
150s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe
Size

468KB
MD5

823f3f6b8f15ef867a7fbb37991b81b2
SHA1

9646746a0ee451a61f1747e41ac7d4b16c266424
SHA256

2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941
SHA512

58c6384686a2a64ba18cddabe7f8c1a2dac7280bca25a18b4d7559b8b3b0cdf2f5021b9b735658b9d2947eca265200a764c7e8d937bd28ef0c7ddf3ab035169e
SSDEEP

3072:aullogfxR68U2bYhPz3cqf8/EC3jyIgZswfI+V8p4xF+rEWct5M2:auXoCDU2aPDcqfRVQh4xgAWct

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2444	Unicorn-57180.exe
2128	Unicorn-9131.exe
436	Unicorn-31175.exe
1128	Unicorn-17046.exe
1100	Unicorn-17046.exe
3992	Unicorn-49396.exe
2156	Unicorn-63131.exe
4536	Unicorn-37549.exe
5040	Unicorn-20698.exe
4032	Unicorn-48732.exe
4748	Unicorn-7434.exe
1652	Unicorn-7699.exe
4252	Unicorn-46594.exe
4844	Unicorn-28211.exe
4776	Unicorn-14476.exe
920	Unicorn-64082.exe
2708	Unicorn-64082.exe
3228	Unicorn-54845.exe
4568	Unicorn-6967.exe
1032	Unicorn-39392.exe
964	Unicorn-60666.exe
4860	Unicorn-33932.exe
3940	Unicorn-18150.exe
2344	Unicorn-45115.exe
4944	Unicorn-50268.exe
4076	Unicorn-54907.exe
3800	Unicorn-9235.exe
1108	Unicorn-28264.exe
1920	Unicorn-802.exe
2568	Unicorn-1067.exe
2844	Unicorn-36847.exe
2736	Unicorn-2411.exe
4752	Unicorn-6495.exe
3704	Unicorn-56573.exe
624	Unicorn-56059.exe
1004	Unicorn-51975.exe
1936	Unicorn-44129.exe
4528	Unicorn-40298.exe
1984	Unicorn-10963.exe
4360	Unicorn-23216.exe
3168	Unicorn-45674.exe
4284	Unicorn-55888.exe
2928	Unicorn-2711.exe
4408	Unicorn-37149.exe
3392	Unicorn-24647.exe
1940	Unicorn-465.exe
4912	Unicorn-52359.exe
1808	Unicorn-18940.exe
4976	Unicorn-34513.exe
4348	Unicorn-43179.exe
3220	Unicorn-30123.exe
1616	Unicorn-39360.exe
4744	Unicorn-47227.exe
1584	Unicorn-32514.exe
4472	Unicorn-56464.exe
4220	Unicorn-47227.exe
3968	Unicorn-44112.exe
3524	Unicorn-1133.exe
3008	Unicorn-7263.exe
4444	Unicorn-60034.exe
4996	Unicorn-34098.exe
2316	Unicorn-54196.exe
4940	Unicorn-24861.exe
4592	Unicorn-60226.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
6988	6024	WerFault.exe	203

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63593.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16520	dwm.exe
Token: SeChangeNotifyPrivilege	16520	dwm.exe
Token: 33	16520	dwm.exe
Token: SeIncBasePriorityPrivilege	16520	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe
2444	Unicorn-57180.exe
2128	Unicorn-9131.exe
436	Unicorn-31175.exe
1128	Unicorn-17046.exe
2156	Unicorn-63131.exe
3992	Unicorn-49396.exe
1100	Unicorn-17046.exe
4536	Unicorn-37549.exe
5040	Unicorn-20698.exe
4748	Unicorn-7434.exe
4252	Unicorn-46594.exe
4844	Unicorn-28211.exe
4032	Unicorn-48732.exe
1652	Unicorn-7699.exe
4776	Unicorn-14476.exe
2708	Unicorn-64082.exe
920	Unicorn-64082.exe
3228	Unicorn-54845.exe
4568	Unicorn-6967.exe
1032	Unicorn-39392.exe
964	Unicorn-60666.exe
3800	Unicorn-9235.exe
4944	Unicorn-50268.exe
4860	Unicorn-33932.exe
2344	Unicorn-45115.exe
1920	Unicorn-802.exe
4076	Unicorn-54907.exe
2844	Unicorn-36847.exe
3940	Unicorn-18150.exe
2568	Unicorn-1067.exe
1108	Unicorn-28264.exe
2736	Unicorn-2411.exe
4752	Unicorn-6495.exe
3704	Unicorn-56573.exe
624	Unicorn-56059.exe
1004	Unicorn-51975.exe
1936	Unicorn-44129.exe
4528	Unicorn-40298.exe
1984	Unicorn-10963.exe
4360	Unicorn-23216.exe
3168	Unicorn-45674.exe
4284	Unicorn-55888.exe
2928	Unicorn-2711.exe
4408	Unicorn-37149.exe
3392	Unicorn-24647.exe
4912	Unicorn-52359.exe
1940	Unicorn-465.exe
1808	Unicorn-18940.exe
4976	Unicorn-34513.exe
4348	Unicorn-43179.exe
4472	Unicorn-56464.exe
1616	Unicorn-39360.exe
3220	Unicorn-30123.exe
3524	Unicorn-1133.exe
4744	Unicorn-47227.exe
4220	Unicorn-47227.exe
1584	Unicorn-32514.exe
4444	Unicorn-60034.exe
3968	Unicorn-44112.exe
4996	Unicorn-34098.exe
2316	Unicorn-54196.exe
4940	Unicorn-24861.exe
4592	Unicorn-60226.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 2444	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	82
PID 3824 wrote to memory of 2444	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	82
PID 3824 wrote to memory of 2444	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	82
PID 2444 wrote to memory of 2128	2444	Unicorn-57180.exe	83
PID 2444 wrote to memory of 2128	2444	Unicorn-57180.exe	83
PID 2444 wrote to memory of 2128	2444	Unicorn-57180.exe	83
PID 3824 wrote to memory of 436	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	84
PID 3824 wrote to memory of 436	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	84
PID 3824 wrote to memory of 436	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	84
PID 436 wrote to memory of 1100	436	Unicorn-31175.exe	87
PID 436 wrote to memory of 1100	436	Unicorn-31175.exe	87
PID 436 wrote to memory of 1100	436	Unicorn-31175.exe	87
PID 2128 wrote to memory of 1128	2128	Unicorn-9131.exe	88
PID 2128 wrote to memory of 1128	2128	Unicorn-9131.exe	88
PID 2128 wrote to memory of 1128	2128	Unicorn-9131.exe	88
PID 2444 wrote to memory of 3992	2444	Unicorn-57180.exe	89
PID 2444 wrote to memory of 3992	2444	Unicorn-57180.exe	89
PID 2444 wrote to memory of 3992	2444	Unicorn-57180.exe	89
PID 3824 wrote to memory of 2156	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	90
PID 3824 wrote to memory of 2156	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	90
PID 3824 wrote to memory of 2156	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	90
PID 1128 wrote to memory of 4536	1128	Unicorn-17046.exe	93
PID 1128 wrote to memory of 4536	1128	Unicorn-17046.exe	93
PID 1128 wrote to memory of 4536	1128	Unicorn-17046.exe	93
PID 2128 wrote to memory of 5040	2128	Unicorn-9131.exe	94
PID 2128 wrote to memory of 5040	2128	Unicorn-9131.exe	94
PID 2128 wrote to memory of 5040	2128	Unicorn-9131.exe	94
PID 2156 wrote to memory of 4032	2156	Unicorn-63131.exe	95
PID 2156 wrote to memory of 4032	2156	Unicorn-63131.exe	95
PID 2156 wrote to memory of 4032	2156	Unicorn-63131.exe	95
PID 3824 wrote to memory of 4748	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	96
PID 3824 wrote to memory of 4748	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	96
PID 3824 wrote to memory of 4748	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	96
PID 1100 wrote to memory of 1652	1100	Unicorn-17046.exe	97
PID 1100 wrote to memory of 1652	1100	Unicorn-17046.exe	97
PID 1100 wrote to memory of 1652	1100	Unicorn-17046.exe	97
PID 3992 wrote to memory of 4252	3992	Unicorn-49396.exe	98
PID 3992 wrote to memory of 4252	3992	Unicorn-49396.exe	98
PID 3992 wrote to memory of 4252	3992	Unicorn-49396.exe	98
PID 2444 wrote to memory of 4844	2444	Unicorn-57180.exe	99
PID 2444 wrote to memory of 4844	2444	Unicorn-57180.exe	99
PID 2444 wrote to memory of 4844	2444	Unicorn-57180.exe	99
PID 436 wrote to memory of 4776	436	Unicorn-31175.exe	100
PID 436 wrote to memory of 4776	436	Unicorn-31175.exe	100
PID 436 wrote to memory of 4776	436	Unicorn-31175.exe	100
PID 4536 wrote to memory of 2708	4536	Unicorn-37549.exe	102
PID 4536 wrote to memory of 2708	4536	Unicorn-37549.exe	102
PID 4536 wrote to memory of 2708	4536	Unicorn-37549.exe	102
PID 5040 wrote to memory of 920	5040	Unicorn-20698.exe	103
PID 5040 wrote to memory of 920	5040	Unicorn-20698.exe	103
PID 5040 wrote to memory of 920	5040	Unicorn-20698.exe	103
PID 4748 wrote to memory of 3228	4748	Unicorn-7434.exe	104
PID 4748 wrote to memory of 3228	4748	Unicorn-7434.exe	104
PID 4748 wrote to memory of 3228	4748	Unicorn-7434.exe	104
PID 1128 wrote to memory of 4568	1128	Unicorn-17046.exe	105
PID 1128 wrote to memory of 4568	1128	Unicorn-17046.exe	105
PID 1128 wrote to memory of 4568	1128	Unicorn-17046.exe	105
PID 3824 wrote to memory of 1032	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	107
PID 3824 wrote to memory of 1032	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	107
PID 3824 wrote to memory of 1032	3824	2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe	107
PID 2128 wrote to memory of 964	2128	Unicorn-9131.exe	108
PID 2128 wrote to memory of 964	2128	Unicorn-9131.exe	108
PID 2128 wrote to memory of 964	2128	Unicorn-9131.exe	108
PID 1652 wrote to memory of 4860	1652	Unicorn-7699.exe	109

C:\Users\Admin\AppData\Local\Temp\2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe
"C:\Users\Admin\AppData\Local\Temp\2a8158331e138b116c2ca0ce85153e940f555273d440717c7d058800db742941.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24109.exe
        10⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
        10⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
        9⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        10⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
        10⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        9⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        9⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe
        9⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31914.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
        8⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        9⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        9⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
        8⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        9⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        9⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10910.exe
        8⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        8⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        9⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40753.exe
        9⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        8⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17849.exe
        7⤵
        
        PID:17984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45857.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
        8⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
        9⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38316.exe
        9⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14509.exe
        9⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        9⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        8⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46546.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
        8⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        8⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49336.exe
        8⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        7⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        6⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        9⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        9⤵
        
        PID:17604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        8⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        8⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1036.exe
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        7⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        7⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
        6⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
        8⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        9⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe
        10⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6519.exe
        10⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        9⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9047.exe
        9⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        8⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        8⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31658.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        8⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        8⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        8⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32067.exe
        7⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
        7⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        7⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33090.exe
        6⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        8⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
        9⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        8⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
        8⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
        7⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        7⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        7⤵
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        7⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        7⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
        7⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        6⤵
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46812.exe
        8⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        9⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
        9⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
        8⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
        8⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32077.exe
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
        7⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        7⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        7⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30899.exe
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        6⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        7⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
        7⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        7⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        6⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
        6⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24109.exe
        6⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        6⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19597.exe
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        5⤵
        
        PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20698.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        9⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        9⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        9⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10067.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9207.exe
        8⤵
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25347.exe
        8⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
        7⤵
        
        PID:17416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        6⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        8⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
        8⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe
        8⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        8⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        8⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        7⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        7⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57947.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
        7⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        7⤵
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10906.exe
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        6⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53433.exe
        6⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe
        6⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 492
        7⤵
        Program crash
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24804.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        7⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23223.exe
        7⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        7⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        7⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        6⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        5⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        5⤵
        
        PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38566.exe
        6⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        8⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        8⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        7⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26029.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe
        7⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        7⤵
        
        PID:17536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30899.exe
        6⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
        6⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        5⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        7⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        7⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        6⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31811.exe
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35856.exe
        5⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45397.exe
        6⤵
        
        PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        5⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        5⤵
        
        PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33761.exe
        5⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
        6⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        7⤵
        
        PID:15608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        6⤵
        
        PID:12676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        6⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
        6⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        5⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        5⤵
        
        PID:17928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24363.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        6⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        6⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        5⤵
        
        PID:452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
      4⤵
      PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        5⤵
        
        PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
      4⤵
      PID:10536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
      4⤵
      PID:16664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        7⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        8⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        9⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
        9⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe
        8⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        8⤵
        
        PID:16960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27565.exe
        8⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        8⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        8⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        7⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        7⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe
        7⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3091.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
        8⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        8⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
        7⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8995.exe
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7267.exe
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36283.exe
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        7⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        7⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        7⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        7⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16249.exe
        7⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        7⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19839.exe
        6⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27565.exe
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        7⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        7⤵
        
        PID:16888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59531.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26120.exe
        6⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
        6⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        5⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        5⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        5⤵
        
        PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        8⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        8⤵
        
        PID:16980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        7⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2250.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        7⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        6⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56788.exe
        6⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
        7⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        7⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
        6⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45170.exe
        6⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
        6⤵
        
        PID:16748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        5⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
        5⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5641.exe
        5⤵
        
        PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46044.exe
        6⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44285.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        7⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8855.exe
        6⤵
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        5⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36041.exe
        6⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
        5⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
        6⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        5⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
        5⤵
        
        PID:728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
      4⤵
      PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
      4⤵
      PID:12172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
      4⤵
      PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9967.exe
      4⤵
      PID:16952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37174.exe
        5⤵
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11425.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        8⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        8⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        7⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        7⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        7⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        7⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56027.exe
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
        6⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        5⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        6⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11561.exe
        5⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63368.exe
        5⤵
        
        PID:12656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        5⤵
        
        PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52873.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        6⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
        6⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        6⤵
        
        PID:17564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        5⤵
        
        PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5592.exe
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56788.exe
        5⤵
        
        PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
      4⤵
      PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
        5⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        5⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        5⤵
        
        PID:17556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24417.exe
        5⤵
        
        PID:15712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44784.exe
      4⤵
      PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
      4⤵
      PID:13932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64616.exe
      4⤵
      PID:4800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        5⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        8⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
        8⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
        8⤵
        
        PID:16636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        7⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        7⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
        7⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58488.exe
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        6⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        6⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40874.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62108.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
        6⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53935.exe
        6⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57517.exe
        5⤵
        
        PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
        6⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
        6⤵
        
        PID:15492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
        6⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        5⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        5⤵
        
        PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32861.exe
      4⤵
      PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        5⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        5⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        5⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        5⤵
        
        PID:12888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
      4⤵
      PID:10720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
      4⤵
      PID:15008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
      4⤵
      PID:16652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        6⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47043.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        6⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3223.exe
        5⤵
        
        PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
      4⤵
      PID:7520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
      4⤵
      PID:10500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
      4⤵
      PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
      4⤵
      PID:316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14984.exe
    3⤵
    PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
      4⤵
      PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34339.exe
        5⤵
        
        PID:17296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
      4⤵
      PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
    3⤵
    PID:7836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
    3⤵
    PID:11964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
    3⤵
    PID:16868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
        9⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        9⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9207.exe
        9⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        8⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
        7⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        7⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        7⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28067.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        7⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        7⤵
        
        PID:424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe
        6⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        6⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        8⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
        8⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        8⤵
        
        PID:16880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        7⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        6⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46401.exe
        6⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        6⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16538.exe
        6⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-115.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-792.exe
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        5⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5641.exe
        5⤵
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18150.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56464.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        7⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        8⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        8⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        7⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        7⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22446.exe
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
        6⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        6⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        6⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        6⤵
        
        PID:16700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44840.exe
        5⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        5⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17984.exe
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
      4⤵
      PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11835.exe
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14243.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
      4⤵
      PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
      4⤵
      PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
      4⤵
      PID:17428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        5⤵
        Executes dropped EXE
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56589.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        7⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        7⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        7⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        7⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58600.exe
        7⤵
        
        PID:17576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        6⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
        6⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        6⤵
        
        PID:16404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        6⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        5⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        7⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        7⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        6⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        6⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
        6⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        5⤵
        
        PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17840.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-115.exe
        6⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
        5⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1039.exe
        5⤵
        
        PID:16428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
      4⤵
      PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
      4⤵
      PID:10728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8002.exe
      4⤵
      PID:15000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36847.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        7⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        7⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        7⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        7⤵
        
        PID:17616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
        6⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
        5⤵
        
        PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        5⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        5⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        5⤵
        
        PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        6⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65179.exe
        6⤵
        
        PID:16412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
        6⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57680.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        5⤵
        
        PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7891.exe
      4⤵
      PID:8276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
      4⤵
      PID:11952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
      4⤵
      PID:16096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43714.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        6⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        5⤵
        
        PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        5⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
        5⤵
        
        PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        5⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        5⤵
        
        PID:16532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
      4⤵
      PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
      4⤵
      PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
      4⤵
      PID:16588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
    3⤵
    PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
      4⤵
      PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        5⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
        5⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        5⤵
        
        PID:16560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
      4⤵
      PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
      4⤵
      PID:14480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
      4⤵
      PID:16116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
      4⤵
      PID:12140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe
    3⤵
    PID:7416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe
    3⤵
    PID:11256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
    3⤵
    PID:14512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
    3⤵
    PID:4524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39360.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29184.exe
        6⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        7⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
        8⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        8⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        8⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7903.exe
        7⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
        7⤵
        
        PID:17472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        6⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        6⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57978.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30441.exe
        6⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        6⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        6⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12825.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        5⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        5⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        5⤵
        
        PID:13048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
      4⤵
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        6⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        6⤵
        
        PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        5⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8855.exe
        5⤵
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38488.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32993.exe
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        5⤵
        
        PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
      4⤵
      PID:11092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
      4⤵
      PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28264.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47227.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        7⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
        7⤵
        
        PID:16052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        7⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34424.exe
        6⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28424.exe
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44194.exe
        5⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        5⤵
        
        PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        5⤵
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        5⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        5⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30536.exe
        5⤵
        
        PID:15412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
      4⤵
      PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
        5⤵
        
        PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5641.exe
      4⤵
      PID:4364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
        5⤵
        
        PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
      4⤵
      PID:8936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
      4⤵
      PID:3356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
    3⤵
    PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
      4⤵
      PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
      4⤵
      PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36758.exe
      4⤵
      PID:6076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
    3⤵
    PID:8212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
      4⤵
      PID:13156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
      4⤵
      PID:15820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
    3⤵
    PID:3096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56573.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
        7⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
        6⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
        7⤵
        
        PID:17632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        6⤵
        
        PID:15036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        6⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        7⤵
        
        PID:17508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        6⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        6⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
        5⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34397.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20446.exe
        6⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        5⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        5⤵
        
        PID:16008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11664.exe
        6⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        6⤵
        
        PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34397.exe
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
      4⤵
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        5⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        5⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        5⤵
        
        PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
      4⤵
      PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
      4⤵
      PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
      4⤵
      PID:16516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
      4⤵
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
        6⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        7⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        6⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31221.exe
        6⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58091.exe
        5⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        5⤵
        
        PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        5⤵
        
        PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
      4⤵
      PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
      4⤵
      PID:13860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
      4⤵
      PID:15584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
    3⤵
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43164.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        5⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        5⤵
        
        PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
      4⤵
      PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
      4⤵
      PID:15356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
      4⤵
      PID:16156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
    3⤵
    PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60865.exe
      4⤵
      PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        5⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25294.exe
        5⤵
        
        PID:16672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
      4⤵
      PID:10804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
      4⤵
      PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
      4⤵
      PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
    3⤵
    PID:7436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57639.exe
    3⤵
    PID:12720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
    3⤵
    PID:16824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        6⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        6⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11546.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        5⤵
        
        PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
        5⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        5⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        5⤵
        
        PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
      4⤵
      PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
      4⤵
      PID:13148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
      4⤵
      PID:15424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
    3⤵
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
        5⤵
        
        PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
        5⤵
        
        PID:15984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49172.exe
      4⤵
      PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
      4⤵
      PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22965.exe
      4⤵
      PID:16848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
    3⤵
    PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
      4⤵
      PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
      4⤵
      PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13863.exe
      4⤵
      PID:15752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57860.exe
    3⤵
    PID:9028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7587.exe
    3⤵
    PID:4452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
    3⤵
    PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
      4⤵
      PID:732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48011.exe
        5⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        5⤵
        
        PID:12616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48075.exe
        5⤵
        
        PID:16144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
      4⤵
      PID:9372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
      4⤵
      PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64875.exe
      4⤵
      PID:5840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
    3⤵
    PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
      4⤵
      PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
      4⤵
      PID:16984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27649.exe
      4⤵
      PID:11836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
    3⤵
    PID:8916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
    3⤵
    PID:13792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
  2⤵
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
    3⤵
    PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
      4⤵
      PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
      4⤵
      PID:10356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
      4⤵
      PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
      4⤵
      PID:17592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
    3⤵
    PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
      4⤵
      PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51060.exe
      4⤵
      PID:15688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
    3⤵
    PID:11356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
    3⤵
    PID:15908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
    3⤵
    PID:12948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12055.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12055.exe
  2⤵
  PID:6960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
    3⤵
    PID:9680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
    3⤵
    PID:13492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
    3⤵
    PID:16400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
  2⤵
  PID:9240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
  2⤵
  PID:13264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21698.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21698.exe
  2⤵
  PID:15524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17161.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17161.exe
  2⤵
  PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6024 -ip 6024
1⤵
PID:6560

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe

Filesize
468KB

MD5
a14a94e73ba2d64f4cfbb2cd1be144a5

SHA1
89e0a6a40be823e9f68634e5df9d32feb54327b9

SHA256
531f818e7db63f47fda5e56f606d6aaffeaf4cc8938ff2f3de958b23899ed2d6

SHA512
64cab76dac61c266016b5d46f8e2ebadf75bbfa69ab4728f8269dd690aa0078696fe7b73108d2e0fdc46db582986e33f41038510938a7fddbfb30280b87776b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe

Filesize
468KB

MD5
7b591f4be7215b111c69b3561dfcad80

SHA1
4365817c8a4fa8360279c110b52d56bb30bb2a11

SHA256
93f2516cce580c4284806a3ee402ace0f626024261d5269d9be04536cad12dc9

SHA512
28f4f8ca412b4c6ae5cfe2973df02658d5a228cc3ed16106c8d2c4701481d2434e413bd4be729a5ee232012abc1f3c2994efa993280e73a6459a5d92f8d4fb16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe

Filesize
468KB

MD5
7ff222ee4988c779ea43fdf0eaf10c4a

SHA1
d530830e7d225ee49698899857ba64516bca2d77

SHA256
67aac4d222a0ce2d90dcb2478e41ea31cebdf82c1e132e8b8248f303fbde1534

SHA512
02b163957053a4d58a1ed065d2064a612c4886f1cd1aea192aad58899805d463bf1add783a473a64279afad73cc9d30be6c840c202816ba15648878f823b582b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18150.exe

Filesize
468KB

MD5
5583f0c6769ccef6805c4f2d3ddb00d6

SHA1
d582b25b62b4599239886bc61ddef8b30abcc473

SHA256
0ed526d263093a05688b59f86f99c9fb5169e242bd0838ad52ef40ee77abd539

SHA512
2cc7bbc3c653ebd47b614440886dfe78085676ba21dacc33a85fd7fff9ab6dc4893a94d5e3747cab6f1d2faf8b7489ab73e5c5aa10a039d7486315ebbbd16813

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20698.exe

Filesize
468KB

MD5
1ac97b4ad7d7afefc163cf118d3329d0

SHA1
7ffc9c335ecab4596ffec325220af946b1a2d9ee

SHA256
c55d779c9fb0fd08b167df2775bb3970553872d0a1a0226fbb52409df4f23430

SHA512
994bd63f5cc203da9d0250f0bd62050b6624cf4420aa18d98aa61cf9ab499d9d252d06840774799332ca36b454b76b1629462074b58493c013d53d8d63c221c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe

Filesize
468KB

MD5
9788d432df4158741f3c4fec7eef5367

SHA1
338a762a926d0041b39b43e044a3d5dec1be9ea8

SHA256
8032713e119e24140d27c90855ba5b543ebe6e59208535270478cac19811951b

SHA512
726f19308404128b042d2bb81f6a6cf8decab17678453afc1000152f657725e6c91aa847c6e78d7efecdb3114b3f8b399c135ce796caff0be1ef05d839a914db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe

Filesize
468KB

MD5
dcc2ddce7f697ac9772c7c9351332eb8

SHA1
14c45b84778c178ce41707906d6573e78b9c6234

SHA256
6f267cf724e73bdd92e57361541879fc83656fd181b6db4800e216c2ac6cd221

SHA512
87e71cdcb6391968c67b0cd8f81db3ee7ab3321a710b957ddf6e9e5b16dcf514302b9ed4c9e08a85436ba376eb5b9a0789a174be7a5097a0472754e23d6d3f69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28264.exe

Filesize
468KB

MD5
4648a472d8a5c4738b68f64f172b41b4

SHA1
24fe8d945fb904da2a5db8368819c76a099ba959

SHA256
0901de257a235421c10319911fdace8cb01cfa274a3842e6efa671f86de2de8b

SHA512
fb0b1a797f986133d1a7a8ad811983b99cbcca976989d5910c0fa01c0dad15326c44bd5f8aa3534dc57bfd22d544d818da8067691bf3b280777eb25b269d8f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe

Filesize
468KB

MD5
0ff52f33ab8ab18d4f86845288e1a699

SHA1
8223727f3185507f505aba1ac93ce2a234a1c5da

SHA256
b51dbaf4304f01b8136c4e06c6efcfe82e780729590518b6ff8e9f9861d67620

SHA512
20e4ff9506b9e667bb5b7ee48dea293f39c67b91bf6ffa20405d573043a79fefeaa3b8fb5e3ea6f5f253f3492db69c81f0ab14ba1bb1b099908a398f92da80ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe

Filesize
468KB

MD5
664096e148d3bf35a3f4c604be04cd4d

SHA1
7a77138a368341e0da3c3d00f41a70aa9401ccba

SHA256
843c4add18fabda1e4560044c67fa2edc64ea0fdd2f0a603b70de05443b90939

SHA512
46b4835a975abd3aad9d47e57877b5a952d7fe631ec3a01e97c32eb9511aca0aa9ce016adc767a7e9e02e4c2e7f203a527b5fd32d1af127efc10935c99b668f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36847.exe

Filesize
468KB

MD5
ddde1aa3150fcb3637e5658952335efb

SHA1
df6a04c3a3dc4a1c3529c21fe74f5c3e69a6cd77

SHA256
388a785a5354b978da74357bcfc335023d6e5bcbb4bdb309d00c5684e628a48e

SHA512
5479ffb9d9f9439849b495e753a067298efa6c7d0747e72bce11fffc287a2679fa61f30330b8b80583433fa445e67a692a3cf4e3b50f41d4e3c4f863a892ad4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe

Filesize
468KB

MD5
3bc37794f693e4ebbf6fdb83c2f59147

SHA1
a9731ab76d794773dc79641fa00619ee1cf8b46b

SHA256
ba6c44e298f0ebdf56802607ab489b1ed1c15de6d68dc1a09c22eecd73389e17

SHA512
caf9e6faba83d13fbb432095d0d0049492c3209c5c370ae82b74e769543f20cecc557740f6d57b696f57c26d3c7f0ebb9e5615068529a7bcd51431c671647e50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe

Filesize
468KB

MD5
8362167aa499ed4f456f18f81e0dc233

SHA1
71155247c5f2605be76840c8be45d43ad4c5edd6

SHA256
729bdaf5a845c396ac57a780fa79cf1ad3394dcaa7547db9c118e67873046d0a

SHA512
c188c6f84a7f516aaff1f94e4abf623f425b4d4468e3178a04dcbbd4f27ddd6f9a05657d28336ffac19a4ddf8c4fd26dc537cba6a0c80ce94851280b84264f22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe

Filesize
468KB

MD5
7ad960f0132ffa410fde4a2a20407e57

SHA1
1ae63ba77057a83c3ffe7787474fa90429c7e396

SHA256
43216990dd6f3604836e81691699114553e24deb278190552a88f830cb10fc30

SHA512
fc356d23caae447ebb49338b3aa2c99a23d735451aafc01b537046e930b788daa18093b83af9ed01cb79154d0cc5d434d1b18145538e836c8fc0bbecfdbc2cfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe

Filesize
468KB

MD5
fa41b8fc520664d3d378da0a5286cd4c

SHA1
ae211c75540e398492cead35bd0740836cf14921

SHA256
46597a273f95c76af7957c479a4789999b6d25cc54489781cd7745adf9bf62b2

SHA512
59b623878de61eacea7cd552710ac08a73e8351590e6f50c78f04b6ca9ca198eb2fac978647b9398274d7a24c0ac3d449b81c7a50339fe976b23086c4fbb574a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe

Filesize
468KB

MD5
1db0fb309a5b53c713319e6fec52fed5

SHA1
6afc3701353489e39dbcadb8c341c56cf06625ae

SHA256
c3c1dc48cf5860f09e41880eb36475da1468e8b0547538bbed51e711db64cf4a

SHA512
0012c54985170ea3dbbe15ef8731a3f0ad13543c77fd93ea2bae73d67caf454a557eb2fd6d26e7ebe575bee23e289888d1996a8e53e48664d687cec7651db5a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe

Filesize
468KB

MD5
24c1fdc97f1fb26aac5928d5beb7099f

SHA1
67764b7c721de8bbea0f3b1a8800adbea053626b

SHA256
933cb4408eec7ae0081c25967b731de4b910a2ac8311c5d4a18db382341a3b49

SHA512
96a5c9a1587b7e5dda72750867c92ea73b290c4eb891a2df586c9a78c7bb90c3925ab7ef6b66e765c29b3ef1e226507ead704bf986e6fab9a697b89e6f005f49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe

Filesize
468KB

MD5
9c491c63b9f60f23ede45858af32aa80

SHA1
6ccb0204aff608db2ac552089fa4f287b0a9894d

SHA256
fe828827e92d0203236792a0905e9b78a84ad44e5b7c7fc16283c62058e71894

SHA512
cf2168141581a99ca80963d41215a2d84bc5df66713d93af58538ebf2c9dc2137fa0329286efeb15c65a50f4126c35902d19aed8c8f0db1cbab69e11ab1c03d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe

Filesize
468KB

MD5
cb86693eddf20ceb4c441006f5a77e9d

SHA1
55d676638fcb0a3bed430c28969423ef6d5a0253

SHA256
a6e721c2a42e2b60aed7b3790780e22d1e570f2a8a4d3dab5bd952da5d938418

SHA512
340453d5a620422b7847638424430753317478b124c84d5f2e9b4eaba62f75f69a137822ef6aa576086b8075563312469c74fff6e0eac571e7b2918ac71197bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe

Filesize
468KB

MD5
ed1a79ab061101b1890164798292f003

SHA1
162e951d329ee2afeb1523d6b8f21e663fdc0186

SHA256
35d30c88059fb097ef3235421104776c44afcc613b9692a2d0adb00e9c803f3a

SHA512
f41868d21893d6e5dcff899ec2697882960a4d836fc73aaa6fe54275d0a0ebf78ead3c78e09052ec0ee63b912e83d546bbe82aeec90cca660d7c230058a7bd74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe

Filesize
468KB

MD5
1a87dbb750ac122de4ea98d82a045dea

SHA1
d1aab81b6835eb431a00eea835f40c4225c23198

SHA256
5a1c0165f7980adf0fdd9155d1974830aa820f146e53e5f48dbc26de2abfc771

SHA512
2be3591beaea9de7d63f2aa7d9c451469e208ef5b035f0947a8bc49352bc058980d15bd689da258beb5e1c4f967c158ad4ab3646e86779fd2aad1b1bd84f1dae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe

Filesize
468KB

MD5
2d9e32759709cb38a6ee5992e2c54858

SHA1
e92d51db5ac478e1ad59c67589ab92a4194409f5

SHA256
940d4c5c3c556c5758692b4aae0bba07ffbc12d6188f6a8f24607abd6513ee11

SHA512
cc3714d9de8c77f7cb9a2177d8e60b4b6faa2224e53860589f034ef06ffb41953c93915e68fc62f5d194591dcf280c15357fc26df7c78fe07b2824c66cc9b18c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe

Filesize
468KB

MD5
f36c71e0410354c689abba76984d3baf

SHA1
e549e5a0628f1f83f47564c12d942b3f2d87b77d

SHA256
66b8e88aa1a3713c2a893ade11f68a5544ea9266f2030b5441385d0dfa7af445

SHA512
9bf6f9eaf49ae0d4b1180c9d2350089057be3b7307f66e27f0b3bc0dee1324794b55286f8e34e802bdca77a5e2c2103b473b7eb28ed1b155da315f9b234ba378

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe

Filesize
468KB

MD5
682ca2096b7ad1f8fae5581d4b1a43d1

SHA1
ce038bf431a0d68df1d3b5e620e84548185a7ec2

SHA256
27fcef309fece5206ff40085cb39124506e2545489ac1d145002d1b819c4cad6

SHA512
65dfaad15174462038209a8835d073bacf644575cc50920e2ce142e0b0ef87dcc057d11b662af7442a8bdc67129ec25c21fe72005702a41b060b4f4e6e8ab49c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe

Filesize
468KB

MD5
d3a1c3f80308d3404eb3a60ba1783f73

SHA1
4c15c09835719bedd729dd421b8fb95a7f0ea624

SHA256
43a58a9a68f075f4891052b83fb485f6c37e14783b37697562090f1467c4d790

SHA512
73944763c0706b5ecff8d141cb0934068bf7cefa0eadd8d8a817cff43fe903c47dc2d563b4d3a4a017480cdddb2fc683247722ec2bfd17184d2909e20750bde1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe

Filesize
468KB

MD5
bf8541c50ff6d971359e686c27307277

SHA1
2fa1f5796b4963c8b3f6cad9836698787644c834

SHA256
f844c3954726fedcbc560ce12caf31342a37260146f158e602d25dad0676fd2b

SHA512
f378ce5b2b3a6775bb08f87fa382773d53ecf93134574db38e5642897db2edb22aa73f9c0f61807f7816c160c83f7e8720fdd6d852cc327c1f838391dd3a24a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe

Filesize
468KB

MD5
2829b309f14c88c141f562b822badde9

SHA1
0661ba2168c0f4311803f86a10a215d59f3dce02

SHA256
7c0eeecdf428c8a3af651d4232f30ab1e06044a331f4d2420aea3e99f0c1752c

SHA512
a92b021d35bf958ea9017be954f87ad91bf4312a998c5de6359a5ba58e15a80cc22ecb7d15cc53850cc34049e1c6b81908958efcfb3561c4127277c64f7ff769

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe

Filesize
468KB

MD5
9e8237849d347d5dad7f0320b040dde9

SHA1
2616af7722fc690ebbe24e1cd6f5b22c99e1d6f5

SHA256
089f18c73285a1e7a2cb6dfbc6d1c029132c4511c68b9d03d935b9b3a3a35f13

SHA512
2847dc051c2044e8063289ffd3a8caf3531a9b4e93c3d3dea249a29f897322860e163c75b2c5db2ec6fa01e79ed1b2f3238f15ae1c9caadcbea102a08b89c6d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe

Filesize
468KB

MD5
59d980743195127aa2f2da01b68f299e

SHA1
141263ab9696fe019dd410a743e1cd0c8870752b

SHA256
d92f21ddd5c2d0045ff52f9061be6342ed86ee6e6d69d31eafa42e702504a68b

SHA512
15f2cf7c8cdec1e2eb824a96c794edd5fcf40cfffd402864c511c4ac6c9a7304c9eabdeeebd835051edfd0968af3925a23bdeb813f5c1a09df15cd47391e5418

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe

Filesize
468KB

MD5
3a54e8dcb50d7d5461c129cd1c6a45c6

SHA1
31ad6a12207fe93dc3605f3068488274f9f48f9f

SHA256
582246e0357d6a7addc969323e63a02e3dd3ceb55b87e26c6824f9ebe89a8160

SHA512
fbebca5c80dbab0034a4bbb0b39a981dee5d3bdb7b44d58c2b83bc268071c8be8bb1223333bc005373e145912645773bfd1e843299828b55293b902ac6113756

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe

Filesize
468KB

MD5
267fd836cfa77a38375789902e840f60

SHA1
4ff0a3f55e439a310ced79acd6d7673ae1f6327c

SHA256
94c80255f68b7a67c9207d14e04b61230e82fdb87a7e722ac8eced10d13e5058

SHA512
3aca2eb25c392c2d009226fc5d839e3ef44a3f81fb6f66b14f3ac9a02ae54344fc65e1d0d6b570328d7f2636f6a37d24f01f3ed241a1188f5cd5235c7c073bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe

Filesize
468KB

MD5
d64840a3f2b9bdf54ed41b9ab5c2d3e2

SHA1
00febb2be6448f185837b8722c90bccf4bf28e83

SHA256
ef291f9b9f022d790bd5a782c4130d068bc8c4245279d733a44165d5e15fa72d

SHA512
68bc475c86680445064ae07d99e85240aa980fa214bc4290d293c07ac7767b8d9d5a5a7ba053fb4aaf3f334b21c0d3a52c57d891208179b93530f723988cc2a7

Download Submit
memory/336-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/436-20-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/624-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/844-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/920-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/964-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1004-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1032-139-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1108-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1128-30-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1468-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1540-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1584-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1616-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1652-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1808-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1860-2669-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/1920-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1940-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1984-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2024-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2128-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2156-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2208-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2316-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2344-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2364-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2376-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2444-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2568-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2664-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2720-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2736-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2748-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2844-201-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2928-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3004-543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3008-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3168-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-123-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3328-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3336-548-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3392-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3444-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3524-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3704-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3800-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3824-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3940-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3968-351-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3992-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4032-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4076-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4128-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4252-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4284-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4348-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4360-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4408-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4444-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4472-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4528-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4536-54-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4568-135-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4592-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4600-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4744-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4748-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4752-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4776-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4820-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4844-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-158-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4912-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4940-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4944-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4976-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4996-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5004-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5040-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5136-544-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5152-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5192-549-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5212-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5228-547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5292-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5312-551-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5380-552-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5412-553-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5424-554-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5456-555-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5476-556-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5500-557-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14932-2636-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads