d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5c

Analysis

max time kernel
120s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2024, 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
Size

468KB
MD5

6e7ff3ec8d527d248995ab7cbe8b0630
SHA1

56372168574f10017587fd4c4428a55c53114359
SHA256

d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5c
SHA512

c657e593a138ce0e2e231fa659ac66c5c16293a0a9da77ef15b00a516f18151e1c12e8822cafce4d8cbebcec96d745c844bd71b5e34809866a205a0b7103d9c4
SSDEEP

3072:tXsmogM9wb8U2bYfUz54ffDMnCbTtIXC+mHe3VGnfyVMB/13mHl9:tXloUYU2wU14ffpCx+fyax13m

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3808	Unicorn-42722.exe
744	Unicorn-55379.exe
3540	Unicorn-5664.exe
4312	Unicorn-9873.exe
2352	Unicorn-39400.exe
64	Unicorn-18234.exe
2072	Unicorn-12103.exe
2160	Unicorn-45530.exe
3816	Unicorn-968.exe
3996	Unicorn-12665.exe
4464	Unicorn-29386.exe
4608	Unicorn-47760.exe
3984	Unicorn-29121.exe
4508	Unicorn-29386.exe
4068	Unicorn-58529.exe
2696	Unicorn-54570.exe
3684	Unicorn-54570.exe
4108	Unicorn-12193.exe
4532	Unicorn-49889.exe
3156	Unicorn-63624.exe
4552	Unicorn-1072.exe
4176	Unicorn-61778.exe
4396	Unicorn-60169.exe
2296	Unicorn-63698.exe
2172	Unicorn-22287.exe
1640	Unicorn-31218.exe
888	Unicorn-391.exe
4596	Unicorn-47746.exe
1660	Unicorn-11544.exe
4284	Unicorn-39578.exe
2656	Unicorn-22977.exe
3292	Unicorn-58218.exe
2076	Unicorn-64186.exe
3864	Unicorn-15561.exe
4692	Unicorn-15754.exe
3980	Unicorn-15754.exe
1816	Unicorn-35899.exe
1516	Unicorn-16033.exe
3104	Unicorn-6049.exe
232	Unicorn-8249.exe
1356	Unicorn-377.exe
2892	Unicorn-377.exe
2740	Unicorn-49578.exe
3572	Unicorn-49578.exe
4480	Unicorn-41602.exe
3596	Unicorn-35472.exe
5036	Unicorn-17098.exe
3636	Unicorn-46241.exe
1212	Unicorn-17024.exe
1556	Unicorn-62961.exe
2888	Unicorn-17290.exe
5020	Unicorn-49962.exe
5076	Unicorn-40450.exe
4600	Unicorn-34319.exe
3512	Unicorn-23849.exe
3180	Unicorn-4248.exe
3036	Unicorn-64185.exe
3280	Unicorn-17983.exe
1924	Unicorn-61617.exe
1684	Unicorn-7015.exe
4344	Unicorn-46433.exe
4144	Unicorn-44290.exe
2544	Unicorn-16256.exe
1236	Unicorn-60818.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
8284	5672	WerFault.exe	223
8728	3108	WerFault.exe	164
15200	12280	WerFault.exe	681
15196	14144	WerFault.exe	669

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46930.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
15164	svchost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2936	dwm.exe
Token: SeChangeNotifyPrivilege	2936	dwm.exe
Token: 33	2936	dwm.exe
Token: SeIncBasePriorityPrivilege	2936	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
3808	Unicorn-42722.exe
744	Unicorn-55379.exe
3540	Unicorn-5664.exe
4312	Unicorn-9873.exe
2352	Unicorn-39400.exe
2072	Unicorn-12103.exe
64	Unicorn-18234.exe
2160	Unicorn-45530.exe
3996	Unicorn-12665.exe
3816	Unicorn-968.exe
4068	Unicorn-58529.exe
4464	Unicorn-29386.exe
4508	Unicorn-29386.exe
3984	Unicorn-29121.exe
4608	Unicorn-47760.exe
2696	Unicorn-54570.exe
3684	Unicorn-54570.exe
4108	Unicorn-12193.exe
3156	Unicorn-63624.exe
4532	Unicorn-49889.exe
4552	Unicorn-1072.exe
4176	Unicorn-61778.exe
4396	Unicorn-60169.exe
888	Unicorn-391.exe
2296	Unicorn-63698.exe
1640	Unicorn-31218.exe
4596	Unicorn-47746.exe
4284	Unicorn-39578.exe
2172	Unicorn-22287.exe
1660	Unicorn-11544.exe
2656	Unicorn-22977.exe
3292	Unicorn-58218.exe
2076	Unicorn-64186.exe
3864	Unicorn-15561.exe
4692	Unicorn-15754.exe
3980	Unicorn-15754.exe
1816	Unicorn-35899.exe
3104	Unicorn-6049.exe
1516	Unicorn-16033.exe
232	Unicorn-8249.exe
1356	Unicorn-377.exe
4480	Unicorn-41602.exe
3572	Unicorn-49578.exe
2740	Unicorn-49578.exe
2892	Unicorn-377.exe
5036	Unicorn-17098.exe
3596	Unicorn-35472.exe
5020	Unicorn-49962.exe
3636	Unicorn-46241.exe
1212	Unicorn-17024.exe
3512	Unicorn-23849.exe
3036	Unicorn-64185.exe
1556	Unicorn-62961.exe
3180	Unicorn-4248.exe
1924	Unicorn-61617.exe
5076	Unicorn-40450.exe
4600	Unicorn-34319.exe
2888	Unicorn-17290.exe
1684	Unicorn-7015.exe
4344	Unicorn-46433.exe
3280	Unicorn-17983.exe
4144	Unicorn-44290.exe
1236	Unicorn-60818.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3256 wrote to memory of 3808	3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	82
PID 3256 wrote to memory of 3808	3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	82
PID 3256 wrote to memory of 3808	3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	82
PID 3808 wrote to memory of 744	3808	Unicorn-42722.exe	83
PID 3808 wrote to memory of 744	3808	Unicorn-42722.exe	83
PID 3808 wrote to memory of 744	3808	Unicorn-42722.exe	83
PID 3256 wrote to memory of 3540	3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	84
PID 3256 wrote to memory of 3540	3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	84
PID 3256 wrote to memory of 3540	3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	84
PID 744 wrote to memory of 4312	744	Unicorn-55379.exe	89
PID 744 wrote to memory of 4312	744	Unicorn-55379.exe	89
PID 744 wrote to memory of 4312	744	Unicorn-55379.exe	89
PID 3808 wrote to memory of 2352	3808	Unicorn-42722.exe	90
PID 3808 wrote to memory of 2352	3808	Unicorn-42722.exe	90
PID 3808 wrote to memory of 2352	3808	Unicorn-42722.exe	90
PID 3540 wrote to memory of 64	3540	Unicorn-5664.exe	91
PID 3540 wrote to memory of 64	3540	Unicorn-5664.exe	91
PID 3540 wrote to memory of 64	3540	Unicorn-5664.exe	91
PID 3256 wrote to memory of 2072	3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	92
PID 3256 wrote to memory of 2072	3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	92
PID 3256 wrote to memory of 2072	3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	92
PID 4312 wrote to memory of 2160	4312	Unicorn-9873.exe	94
PID 4312 wrote to memory of 2160	4312	Unicorn-9873.exe	94
PID 4312 wrote to memory of 2160	4312	Unicorn-9873.exe	94
PID 744 wrote to memory of 3816	744	Unicorn-55379.exe	95
PID 744 wrote to memory of 3816	744	Unicorn-55379.exe	95
PID 744 wrote to memory of 3816	744	Unicorn-55379.exe	95
PID 2352 wrote to memory of 3996	2352	Unicorn-39400.exe	96
PID 2352 wrote to memory of 3996	2352	Unicorn-39400.exe	96
PID 2352 wrote to memory of 3996	2352	Unicorn-39400.exe	96
PID 64 wrote to memory of 4464	64	Unicorn-18234.exe	98
PID 64 wrote to memory of 4464	64	Unicorn-18234.exe	98
PID 64 wrote to memory of 4464	64	Unicorn-18234.exe	98
PID 3808 wrote to memory of 4608	3808	Unicorn-42722.exe	97
PID 3808 wrote to memory of 4608	3808	Unicorn-42722.exe	97
PID 3808 wrote to memory of 4608	3808	Unicorn-42722.exe	97
PID 2072 wrote to memory of 4508	2072	Unicorn-12103.exe	100
PID 2072 wrote to memory of 4508	2072	Unicorn-12103.exe	100
PID 2072 wrote to memory of 4508	2072	Unicorn-12103.exe	100
PID 3256 wrote to memory of 3984	3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	99
PID 3256 wrote to memory of 3984	3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	99
PID 3256 wrote to memory of 3984	3256	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	99
PID 3540 wrote to memory of 4068	3540	Unicorn-5664.exe	101
PID 3540 wrote to memory of 4068	3540	Unicorn-5664.exe	101
PID 3540 wrote to memory of 4068	3540	Unicorn-5664.exe	101
PID 2160 wrote to memory of 2696	2160	Unicorn-45530.exe	104
PID 2160 wrote to memory of 2696	2160	Unicorn-45530.exe	104
PID 2160 wrote to memory of 2696	2160	Unicorn-45530.exe	104
PID 3816 wrote to memory of 3684	3816	Unicorn-968.exe	105
PID 3816 wrote to memory of 3684	3816	Unicorn-968.exe	105
PID 3816 wrote to memory of 3684	3816	Unicorn-968.exe	105
PID 3996 wrote to memory of 4108	3996	Unicorn-12665.exe	106
PID 3996 wrote to memory of 4108	3996	Unicorn-12665.exe	106
PID 3996 wrote to memory of 4108	3996	Unicorn-12665.exe	106
PID 4312 wrote to memory of 4532	4312	Unicorn-9873.exe	107
PID 4312 wrote to memory of 4532	4312	Unicorn-9873.exe	107
PID 4312 wrote to memory of 4532	4312	Unicorn-9873.exe	107
PID 744 wrote to memory of 3156	744	Unicorn-55379.exe	108
PID 744 wrote to memory of 3156	744	Unicorn-55379.exe	108
PID 744 wrote to memory of 3156	744	Unicorn-55379.exe	108
PID 2352 wrote to memory of 4552	2352	Unicorn-39400.exe	109
PID 2352 wrote to memory of 4552	2352	Unicorn-39400.exe	109
PID 2352 wrote to memory of 4552	2352	Unicorn-39400.exe	109
PID 4464 wrote to memory of 4176	4464	Unicorn-29386.exe	110

C:\Users\Admin\AppData\Local\Temp\d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
"C:\Users\Admin\AppData\Local\Temp\d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11529.exe
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        11⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        11⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        10⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        10⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        10⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
        9⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        10⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        9⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
        9⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27552.exe
        10⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4695.exe
        10⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        10⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        9⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43969.exe
        9⤵
        
        PID:16896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        8⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        9⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
        10⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
        9⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
        8⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
        8⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46515.exe
        8⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
        7⤵
        Executes dropped EXE
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        8⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        9⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        9⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        8⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        9⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58616.exe
        8⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23655.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        8⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        9⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
        9⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
        8⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17152.exe
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        8⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        7⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41706.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
        9⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        10⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        10⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
        10⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
        9⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33135.exe
        9⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        9⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        8⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
        9⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        9⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        8⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
        8⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
        8⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49369.exe
        8⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
        8⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        7⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
        7⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        6⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
        9⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
        8⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
        9⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55226.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        7⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
        7⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
        7⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        8⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
        8⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        7⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        7⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8487.exe
        6⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        6⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15754.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        9⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        10⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46482.exe
        10⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        9⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
        8⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        8⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51138.exe
        8⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48954.exe
        9⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        10⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        10⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61386.exe
        9⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        8⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        9⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        8⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
        7⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        7⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        6⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10489.exe
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
        9⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
        8⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        8⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
        8⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        8⤵
        
        PID:16052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        7⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        7⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        9⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22440.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
        7⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        6⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        6⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34319.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe
        6⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3193.exe
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38032.exe
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13650.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
        7⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
        7⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        7⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        7⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        6⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53641.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        7⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
        6⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        6⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
        5⤵
        
        PID:12704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60874.exe
        5⤵
        
        PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        10⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        10⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        9⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        9⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        9⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        9⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29648.exe
        9⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10535.exe
        8⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40384.exe
        7⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe
        8⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        8⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        8⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        7⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        9⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        9⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55801.exe
        9⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3608.exe
        8⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63082.exe
        8⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        8⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43104.exe
        7⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21281.exe
        7⤵
        
        PID:15444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        6⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        8⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        7⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26945.exe
        6⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        7⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        7⤵
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        6⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        8⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        8⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        7⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
        7⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42128.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        7⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        7⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4968.exe
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38577.exe
        6⤵
        
        PID:16364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35576.exe
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51138.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        8⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
        8⤵
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe
        8⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        7⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
        7⤵
        
        PID:16220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 640
        6⤵
        Program crash
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63354.exe
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
        6⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41577.exe
        6⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5607.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12064.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        6⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
        7⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
        8⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        8⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        7⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        7⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
        8⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        7⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        7⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
        6⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        5⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59114.exe
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        8⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
        7⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        6⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        6⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        5⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe
        7⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        7⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        5⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29987.exe
        5⤵
        
        PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17024.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
        6⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12280 -s 464
        7⤵
        Program crash
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        6⤵
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63473.exe
        6⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        5⤵
        
        PID:16792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17018.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        6⤵
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21200.exe
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        5⤵
        
        PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
      4⤵
      PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32977.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        9⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        10⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        9⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        9⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        8⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        9⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        8⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
        8⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
        8⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        8⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        9⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64745.exe
        8⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        7⤵
        
        PID:16244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        6⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        8⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47073.exe
        9⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        9⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        8⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        8⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        7⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
        8⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        8⤵
        
        PID:16696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        7⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        7⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17152.exe
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
        7⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        6⤵
        
        PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30474.exe
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        8⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        8⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        7⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43961.exe
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        7⤵
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58864.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28555.exe
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
        6⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13650.exe
        6⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        5⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
        6⤵
        
        PID:16308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
        5⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55643.exe
        5⤵
        
        PID:15488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        6⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        8⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        9⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        8⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59656.exe
        8⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        8⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
        7⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        8⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
        7⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3679.exe
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        7⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        7⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31289.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56520.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
        7⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        7⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        6⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        6⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
        5⤵
        
        PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
        5⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        6⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11953.exe
        8⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        7⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40888.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35921.exe
        6⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31720.exe
        6⤵
        
        PID:444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exe
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        6⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        5⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63619.exe
        5⤵
        
        PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
      4⤵
      PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65186.exe
        6⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        5⤵
        
        PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
      4⤵
      PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
      4⤵
      PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
      4⤵
      PID:16252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        6⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48570.exe
        8⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52642.exe
        8⤵
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
        7⤵
        
        PID:16880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12233.exe
        7⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33017.exe
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6640.exe
        6⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50953.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        7⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        7⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
        6⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52112.exe
        5⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        5⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
        5⤵
        
        PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
      4⤵
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        6⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
        7⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        7⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
        5⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        5⤵
        
        PID:380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14152.exe
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        5⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
        6⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        5⤵
        
        PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
      4⤵
      PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        5⤵
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
      4⤵
      PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        7⤵
        
        PID:16576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62233.exe
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe
        6⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        6⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        5⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        5⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        5⤵
        
        PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
      4⤵
      PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
      4⤵
      PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
      4⤵
      PID:15532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        6⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
        5⤵
        
        PID:11472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
      4⤵
      PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35361.exe
        5⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51848.exe
      4⤵
      PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
      4⤵
      PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
      4⤵
      PID:4884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
    3⤵
    PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
      4⤵
      PID:14964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
    3⤵
    PID:8320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
    3⤵
    PID:12376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
    3⤵
    PID:16300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18234.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:64
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15754.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35546.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        9⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        9⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        9⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
        8⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
        8⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        7⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        8⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
        9⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40809.exe
        9⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        8⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        8⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        8⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55392.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        7⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        7⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        6⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        8⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        8⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        8⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        7⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29167.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        7⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
        7⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        7⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
        6⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30770.exe
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        7⤵
        
        PID:15904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        6⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        6⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        5⤵
        
        PID:16380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        6⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60074.exe
        8⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        8⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
        8⤵
        
        PID:16560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
        7⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        7⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        6⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        8⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        7⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63619.exe
        6⤵
        
        PID:14976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14632.exe
        5⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        7⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        7⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31336.exe
        6⤵
        
        PID:16704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15407.exe
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        6⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        5⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        5⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        5⤵
        
        PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        7⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54065.exe
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
        6⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        6⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        5⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
        5⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63619.exe
        5⤵
        
        PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
      4⤵
      PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        5⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        6⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe
        5⤵
        
        PID:16664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
      4⤵
      PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
      4⤵
      PID:9884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
      4⤵
      PID:16688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        7⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
        8⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        7⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
        7⤵
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        6⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        7⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        6⤵
        
        PID:11340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24617.exe
        6⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        6⤵
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        5⤵
        
        PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        7⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe
        7⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        7⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
        6⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        6⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        6⤵
        
        PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24425.exe
        5⤵
        
        PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        6⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        5⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38890.exe
        5⤵
        
        PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        5⤵
        
        PID:10624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
        5⤵
        
        PID:16024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
      4⤵
      PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61642.exe
      4⤵
      PID:13108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
        5⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        8⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
        8⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        7⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        6⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
        6⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61729.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        6⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40224.exe
        5⤵
        
        PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        6⤵
        
        PID:9948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21008.exe
        5⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        5⤵
        
        PID:15632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12335.exe
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
        5⤵
        
        PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
      4⤵
      PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33031.exe
      4⤵
      PID:15104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59386.exe
      4⤵
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        6⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38032.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        5⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        5⤵
        
        PID:8500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        5⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
        5⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        5⤵
        
        PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
      4⤵
      PID:9760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49680.exe
      4⤵
      PID:5600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
    3⤵
    PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        5⤵
        
        PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
      4⤵
      PID:11928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1744.exe
    3⤵
    PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
      4⤵
      PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
      4⤵
      PID:16744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48530.exe
    3⤵
    PID:11344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
    3⤵
    PID:14604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12103.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12103.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        6⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46514.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60074.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        9⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        8⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        8⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34640.exe
        7⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4967.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        7⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61729.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        7⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        7⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
        6⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        6⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
        6⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        7⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        7⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        6⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        5⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        5⤵
        
        PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        5⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
        6⤵
        
        PID:13684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        6⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
        6⤵
        
        PID:15888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        5⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        6⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        5⤵
        
        PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
        6⤵
        
        PID:15156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        6⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        5⤵
        
        PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
      4⤵
      PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62794.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe
        5⤵
        
        PID:16920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
      4⤵
      PID:11300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
      4⤵
      PID:3344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11544.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        7⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        6⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        5⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        5⤵
        
        PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40384.exe
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51138.exe
        5⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        5⤵
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        5⤵
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51169.exe
      4⤵
      PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
      4⤵
      PID:16292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
    3⤵
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        5⤵
        
        PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21135.exe
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
      4⤵
      PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
        5⤵
        
        PID:16752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
      4⤵
      PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6217.exe
      4⤵
      PID:16164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
    3⤵
    PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
      4⤵
      PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
      4⤵
      PID:16640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
    3⤵
    PID:10144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        5⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29218.exe
        6⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 632
        7⤵
        Program crash
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63619.exe
        6⤵
        
        PID:740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        6⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        5⤵
        
        PID:14144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14144 -s 468
        6⤵
        Program crash
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        5⤵
        
        PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
      4⤵
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        5⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        6⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        5⤵
        
        PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
      4⤵
      PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        5⤵
        
        PID:10720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
      4⤵
      PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
      4⤵
      PID:16324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        6⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        6⤵
        
        PID:13884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        6⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
        5⤵
        
        PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        5⤵
        
        PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43104.exe
      4⤵
      PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
      4⤵
      PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62851.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
    3⤵
    PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1745.exe
      4⤵
      PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        5⤵
        
        PID:16260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
      4⤵
      PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
      4⤵
      PID:15168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
      4⤵
      PID:13480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
    3⤵
    PID:8536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43096.exe
    3⤵
    PID:12348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
      4⤵
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        6⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        7⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        7⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        6⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        6⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        5⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        5⤵
        
        PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
      4⤵
      PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
        5⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        5⤵
        
        PID:16276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
      4⤵
      PID:10908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
      4⤵
      PID:16648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
    3⤵
    PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        5⤵
        
        PID:372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
      4⤵
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
      4⤵
      PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
      4⤵
      PID:9832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
      4⤵
      PID:14620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
      4⤵
      PID:16600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
    3⤵
    PID:9688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
    3⤵
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
      4⤵
      PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
      4⤵
      PID:13632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50873.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
      4⤵
      PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
      4⤵
      PID:5504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
    3⤵
    PID:9988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
    3⤵
    PID:14820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
    3⤵
    PID:16316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
  2⤵
  PID:3316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
    3⤵
    PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
      4⤵
      PID:11688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
      4⤵
      PID:16888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
    3⤵
    PID:10660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
    3⤵
    PID:13896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
  2⤵
  PID:6680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
    3⤵
    PID:8280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
    3⤵
    PID:12528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
    3⤵
    PID:16228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44808.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44808.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:9700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
    3⤵
    PID:16356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
  2⤵
  PID:14576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
  2⤵
  PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5672 -ip 5672
1⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3108 -ip 3108
1⤵
PID:7508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:15164

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe

Filesize
468KB

MD5
916b9d789b4120df4bcc2e4285c53072

SHA1
f1090f7955fe179dea283f8f7ff13b7fb211898c

SHA256
e042d0da89f1e89b2dc5aba82113c54b4715742ac914e84a382ff6b7ba0669b9

SHA512
a7a6fd7f8ec7be0bb7a6b802297b8745619a5cec25324910ddd5ba0b0bf5aa172559b36db13477207165ca2513645395f4f397d874fa0ad4d521c58ae3dc8957

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe

Filesize
468KB

MD5
a1d3f23dbaed1cd463ec0a1dc5d85f5b

SHA1
9428d93486597c584c322b50a8d9a1660c85a7d2

SHA256
07582297b4f7b53904c05a51e0399912582a256bd17b9e7a9941ac979ac0fd9b

SHA512
a429053d665254a971f9ccaba6a3bb154591d49dbb7ec6d26cdee109577a60eb546b5f57a977589cc19358b06b3823d0985a45a98c15f6b6a71df3ce7122ef09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11544.exe

Filesize
468KB

MD5
f8aafedd243bd00e2c8bb5f88706aa1b

SHA1
68a764e50b8ee904d0c36bfe319a3d11e31fbd78

SHA256
6bf99c5ef8f6477259567433b972e9ed8ec855aa403259c336b3ad77a8afd658

SHA512
5e656a7ed1ccf4c8b9f485395b7319d850dc93ce1bdc5bee67a1f21f97679977585274392280a25603a389e5f3f03c927a467795e7a0b28532f7d1117487eea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12103.exe

Filesize
468KB

MD5
22022f92c8b65c7f5074002142fd1d5e

SHA1
2c24a035fdce9b1131423991eb614ac7afcb424f

SHA256
b68528fa8b69aae1c342522fe83cce389bef94fab34206516e66f30d8790fe8f

SHA512
2d82de581047c7a7c9d17527ba6cc78910bfaf59cbdae91e0ed2b09d9e34ad67b75833b9874104d8048627952f4415ada32009f558a5105f1bf3df04dcd9f8a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe

Filesize
468KB

MD5
208fd386260f352f41b0b525460efa0e

SHA1
fcd840d1334960d9d03a56fcab93431d2ba156d4

SHA256
26e7f89328a1b1b187cd1f2025b8f92a06952007c4924e21fbb5a37c2020b33f

SHA512
7e49ee8d12a5b590170ce156a1b8326da9781b429724713da12f81d3219666afde7f95b6e8e6f3a12ac5b627d6f52dde8826e5cc8d2deafe27e1efdc74bab8c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe

Filesize
468KB

MD5
2106c827a1b3bbe7a32762cabc74b2b7

SHA1
4fbdfc0a736ba3b9d3b78e565628ebc460ee6d4a

SHA256
cb8387d3ca41489f110dc154c5f4dd4dd4dfc14189000ad21729740d5cca662f

SHA512
a1644521f96b27f24244ec7c8f9ce2b9c85aab7a3ba7f4c0c9d8365ac32cbd44497d8fa27151df6ca49886294d7e4f51efb290d5d1b60d04f3aecaafca966cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe

Filesize
468KB

MD5
c7b0316bb35c846518d4e40de5071b30

SHA1
bbb27ff0075a691f24d32bb7734de0bffd19e3c4

SHA256
b35b63489d8c2010a3745f20cbeab6fe47b9d004ca458f592d60385df66f2aab

SHA512
95ea7dcd5190d0ac4ea32d70eb381ceba49bf18a274e6e9c75e2a27afe67d775da1e9e2d366622a2c59201f88c782e02d8abda61a69d95c785a19d864aebda1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18234.exe

Filesize
468KB

MD5
5c85eeff54832fac55ca3ba0ccbfb4f7

SHA1
eae442af2a5ef794579aadf7056f4d42a45820b4

SHA256
ca96c8c103c187f4c49fa82abc4ab3afeed8a8ed84d6eb589b9c3edf7c4cf9eb

SHA512
b437980936e98d87bf8f40f4586415d2fc0d8bb4aefafb1ac95b8c3f959201bb1a6e616a3901dfdc6f2ff877aca0da368948af5a751559163b62c48bcc5ed585

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe

Filesize
468KB

MD5
96b7edf56f6883c8955b35cd167feb81

SHA1
5be98347a55adedbaeafda16945c6f9204a2acfc

SHA256
a0e8e9f5afaef1411c5f83c1392ae3e315c09f766e1a42e455240ab453e3bc08

SHA512
249dcc093f9769855b83be1c8486ed25141cf50801a3e511da763d76cbe594807a2409fd5b72caa7cc69bac9c1d7beef11146ec1a4bdd989a3dd1caceab4bd27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe

Filesize
468KB

MD5
c83718e732e950cc0700f43e0ada6251

SHA1
85567a18e5e792c14dd0e3c4173be35f15626375

SHA256
fc6d4562cab182c724f74619b25abd12165bf8006dd49ba4d2f4c2e1667fd10d

SHA512
5af577722a5bd4d8190904bd122c61047d0a86bf09bc947a1e2e7a70f74397701006569e3730ef780a789ce63eb29ac3b7c998fe68d10897374517dfa2388df9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe

Filesize
468KB

MD5
17c03f4cb091a26318fb4766319efec8

SHA1
cfdb51edace5a55829b713d3235d350618eb88a2

SHA256
4e27c61deed4cbadfdff24ff37b57a6cf1fc5373c8bb232c1d0708a37ed76dc4

SHA512
d60c36df4ada73bdb05cabcfea81ea5d84e3296337abc36bd372b50de2d06a40d56683608fc97290ad4a6eeeae9a6bc195c46ee14c1df5a2fe975b19ba840eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe

Filesize
468KB

MD5
1ca52daadddb793af9c7685888a78bfd

SHA1
c295f1e817afdf306c063b506f5fd34bf18c91b0

SHA256
d3f0d5f7bae8f2f9b9796ff670b10e6b704fe25b20103fde32ee5372aaed7076

SHA512
a067d5e2d0b43b23426efd1f568f7724d27f8167516a9eeacbff084d7e7a935ea44506a7945ec7bf0f4f6353dc32f4f1cc21062a81f843b4885ed134e000e2e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe

Filesize
468KB

MD5
d0b374e555bba515677b91812755474f

SHA1
43f75f9c05299cfb6e5a8207c29e2bedc0fae905

SHA256
aad8dd185cc94b060cff196c8f2f1883778fee58f2605d192dd8204dbc279625

SHA512
89497b3cdd233ea37e83c22b0c1cd53c7293e503347979f45e7c8977553f1e4280c538ba6e6c78f90f7d518ade72b75c7a2d63b4123dd5e9028002a25e737d29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe

Filesize
468KB

MD5
bb3dc0ab3c604a7074314640ed843670

SHA1
7c8966f0b881b339bcec6e5f4209f46be4cb5a9d

SHA256
44fe8bf453ef482183b40ff83ebc95a34ebb2d561d7abd59275fd246b8b6332c

SHA512
ca127fc674e3424b87a667d3fde21d59448f9c67c86ed3c21042a947367d4e5e9d4e2d78ff00b23b1dcd77e81bbbe066eb5783b91878d16984cbcbc27b95c38b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe

Filesize
468KB

MD5
85615aea08953d6dd04228993781b825

SHA1
161720b7c2d257af43b556b74e8ea6c01dbb358b

SHA256
2b44e2cf39ae07664a9d9c5aec18d90586cbde176af0abf2cb5d43e632fb6c73

SHA512
85819053234c57fe40b74d8a3fa266b13c91e8bbe866b2584894f18951769d0cd2cec0d56e4ab79781a19be9a960f55bc2ee7e79db8c617c3cae8de628cd529f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe

Filesize
468KB

MD5
6cdb8432145ee666ebe4174381b86be6

SHA1
711cc189879a5efb5ace4cda0f16781e95f77a68

SHA256
ebafb150b129e48092988dddb1ee1af145741d922a6e52f5da0cddec9609f1e2

SHA512
73b1726be930363a3fd491dee502389e34eda6a43c794eccde9256864160d34a8b132a51bf3ad9b469be4ae87e07ef4f11db713a814c3912dbd78dec90e22657

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe

Filesize
468KB

MD5
b299c8218e74aa783ab82984794ca902

SHA1
ef703a6082e2a12e8700dd7c1d90b125b8a2f187

SHA256
87fd8bd4384306faa6710658750005203abfac0587fa754cebadb5cd3c99da48

SHA512
46385d17eadb3d8c876878969b39e3df99d722219abe3b0b14ccf52269798e32f4e08f81110acc6739ed88f273e2e4976c0ea70f7655cd44e9251d5917394bef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe

Filesize
468KB

MD5
c15582fbb45d844b554a88b8428e0335

SHA1
95d165e75b9d69703aba650b3976b40a85a50f4f

SHA256
e7372ef0471409c3317a8fe32f718d81536e4fdaa6447b88979abdc03d5ef0a8

SHA512
f9cf321791d4f91215b0be8a425131d60248a05d5bb49679f6d883f19186995d1105142b4e64304664761185a8fbb597f685d665c505884d1541b582ef6168f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe

Filesize
468KB

MD5
7c700d1fbcefb62b9c2ba7d67bc5f7a8

SHA1
04e297687d98a3094471f714c4f6af67e820b795

SHA256
c4f54a3cdbfa18c2672b413bb945c55a319089f8d3261d75ee75cfd6d03eb417

SHA512
0d0f36703278c7af1a6a83850e79e3f7c3252839bab179f471c30f473ed37a22bd954fe61b5009c4811e7cb4bfbaa77a885853f6a449561bfd7e9f7c57d9e98e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe

Filesize
468KB

MD5
aa15450953c441d345e7a76861896e38

SHA1
ed7a4f0c0e921be5c6396dd959bbb7f5c0dfa653

SHA256
3d0d0da2b6306940c30bd8a774781747fb62c93f65886680ea1e206c1e1ee30b

SHA512
7de13d4007b8f40b181f2a55a30cad4afe1128bba0727e2233b0c2627566b77bc839620076a1923064e41ffa48cc553c475bdb13015412aa55e0ed15a0c4e792

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe

Filesize
468KB

MD5
e796e9cf39903203d3a77fd3f09bb6c4

SHA1
c59126c15259fa0e9cfa780215d85b9cc9b05a99

SHA256
17c8a21736e46c1b53e50bbcbf720549be160fe10b2c927e25cf91e32433c763

SHA512
bc619aa54745e3e54824100c751a7db4b5a9cf9248d99ef662eb5253b3dde5dd4ecde57bc9febc47d07fce1fd7893413aa489ee0672c49ba82ff3ef8faa2c628

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe

Filesize
468KB

MD5
2928801f1b5a01cd187675b762da3ec4

SHA1
112bd8a765ddc9c789c8a707afb263e26981a9e0

SHA256
23e99c97d02452941e7a89975d0cd2e4567c256126cea1b2841ccd36b2662d23

SHA512
9d8b08bacf94d35e15f86fc36b75a51e8b356fba7d81808f530bff1f76cb3fb0f849e3a5de3cdfdcbeac9f50102809eb0341f624e90ba3eac1714e4b76ce51f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe

Filesize
468KB

MD5
b02b625813820d8544c1e1b1d6cce35f

SHA1
967c26819c95f5a4b54951ae2be8aae0fae4a9ae

SHA256
fd444427e3e32c0b36efbedecfeb75e61e0ed81fa9dfb86544da67ff1490d0e0

SHA512
be86a627f37ecbca22aad4898a8df059307a87f3ffdea2a243ddd64574a7303dba46e81ce19e38edd0d0841abc46d8ec72d8e495a8c0b3fe52096255e47eb92a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe

Filesize
468KB

MD5
ba353fa51c6ef2814d0ea1a75a727cb2

SHA1
dc692558d2949a46cc58d9f654746d384c90a5ed

SHA256
0de333cf9059e3082cbdbc5c121d2c22464ac34bff06e1c90b3b034e1ddd6d83

SHA512
b10be067b992429a9d8f856a7c9023e7850a2448d6dc8a818c4741d83e4271b9a4e33675b1de52cf97b0d86f5cd2b376cc48c538d71e487e13816739b300d25d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe

Filesize
468KB

MD5
324e1f6e2b333fab06e60ede9e5a311d

SHA1
0dcc89722d167ff981336d3e21f4a33d6e298af5

SHA256
8fd1458ac4b18f6e0e06d17ad528697e312cdf1f1c63d8fa8eb73970b05279f1

SHA512
390b34e4bfd4bef760a9a6dbdc7483a8e1c8610ec2f5ce003ab106fb6bab758f18bf3d15d4e638de8b6206439529b45e3d8423a91bedeef65224b113b25052aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe

Filesize
468KB

MD5
569f6c19111beb3a7e477a4663f8f65b

SHA1
e81047748a29640cdba71bb1cf8e0a627aaaf2df

SHA256
88f3e5b9186fb6bf21de5024f27634ed8fb4ffc0f599c165d993180b4019034c

SHA512
d3bb01ebfc4341d52892fd11bfa0e6eaa2698b2f7f0f95a320df15a18ca5b42fda9652831f15d752166b9395fa84a5186430e772660abfd25afee1f6be341849

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe

Filesize
468KB

MD5
f94a62782709ffde06e269cc87358e97

SHA1
56ff77f60eef64930479f95253669dc77d39dc69

SHA256
5d743ba2acddcd38c31357c2d39fbc3b1e5245156c89c2d74e28ca62a63b673f

SHA512
24f0c94f39d463f2b774d95954916e3a8b694366ae287903b52740731e18a42ef74a005a708298afee33157bd99f214d323caec030debad6526022ff83c50c9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe

Filesize
468KB

MD5
eb3f69f7c105a700bc6f42276f028140

SHA1
e7146862c47f96688033ca4b5d70b55b0abdaeb6

SHA256
9dde9811df42e520279180d4ef87260d22db8b5d2dd07e2e7e3a769f9ca9ac7c

SHA512
65057933c952f7cd3cfa87ca683189dc043fc7c6d05ad6bc9f0500e06428f518ad0ac45b7246e002e10fa3b1e3c07b1b98cc53f00a819261b9749acc274c60c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe

Filesize
468KB

MD5
6b0ed160e2a504579a773bcba38f574e

SHA1
80445f4b40643bc5faa1d41b110e1874a235c654

SHA256
8e8e18a1cfca9c3481ceb0a261689c625fdf4d21e6d9ebaaba4de11f48c68436

SHA512
e0a8da57661ed4ba394cced5361da13b7d4e1b7b1ada441a32a9bf86419b27f63067b456a90262559f81fc995a34c8e9cbd06c17e4dfbf05734706265ef91af9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe

Filesize
468KB

MD5
2abfa8003b58a075121981fd50d53cd0

SHA1
2263a9167b873ff3508e4e7868ce25fca995360a

SHA256
59e462870d8fa242406adf57b28fc7d43653425bb7b0b303b8d0d80f8a68e927

SHA512
a8a4d22ddd3429702dd7d667daad1924db8d1976f260ab0a99a4aa62ee9da65f7f99b11e2195edcf10f30d28b0205d7f06fd663a09d2d34005d161848d8c6888

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe

Filesize
468KB

MD5
8e86f489a43e85b4a2c32034f0851ca3

SHA1
0b4cb7d7549dfca965fbfe3f2ec6bb526f92a14a

SHA256
b3f462ac4ed0a6bb594ddf20bb6e4e6c9b07df02c5ad7984a4ac19415fc862f3

SHA512
45781210727348489a45c26f61f5392457a587d73a475f0b3075beb430867d63f7e217e24edda240356f2ccd893944dd467a96dcb9a8a85aa1bfcb0385cca6d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe

Filesize
468KB

MD5
7aba1a2062ffd290a855f4b2f0e9a6af

SHA1
49f2f708c2da5cb2342d6c1ef854bd00f32a7df8

SHA256
1b6d2024b36d5b11e9a77e51d8cdfc75793a8ed0c8782bac96edbcc78357133e

SHA512
a86d362c34fa8abcb9a2e5a4ba7e92df28a25ce2e7ec2efcea15c5980096d87174478c3ea9eafa3603cea99b024e4891fc8500903cf1f6dc7ec586151f0ecaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe

Filesize
468KB

MD5
74ee29963ff9e9668b3a99ef82308f6f

SHA1
52e086fc747c92a1e207d36e7321b0d918b17392

SHA256
00e8e9f1a5220886f8ee0b3efa0292a98911eba4aa401a021be8f162eaf48a4e

SHA512
d50ef6089958f5dffeed4681f2faa4ff148cd85d3a54dee059f9898c7a233a484c2ade589be35d72b10314aa1ee54e80085d3f408e4257687f885b1239d77b85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe

Filesize
468KB

MD5
9612cf665534d4819e69bb42db0c2d3e

SHA1
f25775f2e9371103057089176200eaf7a37a5480

SHA256
1ae9992cd9b85d0c146466f890b805e5f5787a5752152b2dd1b7cdc76a7a1f95

SHA512
f3077f93dcad7fe83225acf9e9a71da842cd015a66807eb1f55eaffe1ddffb4772221b71fb5d7d5620f379d497939726aa4ae56d3978ac5d901ca6ad2cf37fbe

Download Submit
memory/64-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/232-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/376-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/744-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/848-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/888-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1212-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1236-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1436-507-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1516-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1556-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1640-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1660-207-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1684-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1816-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1924-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2076-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2136-475-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2160-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2172-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2172-2533-0x0000000074B40000-0x0000000074BDB000-memory.dmp

Filesize
620KB

Download
memory/2204-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2292-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2296-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2348-493-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2352-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2528-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2544-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2628-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2656-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2696-110-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2740-264-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2868-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2888-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-498-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3036-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3092-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3104-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3108-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3156-132-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3180-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3256-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3280-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3292-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3304-497-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3316-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3360-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3416-448-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3512-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3540-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3596-289-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3636-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3808-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3816-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3832-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3864-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3908-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3984-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3996-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4068-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4108-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4144-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4176-152-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4200-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4240-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4268-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4284-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4312-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4344-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4396-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4464-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4480-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4532-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4552-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4596-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4600-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4608-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4612-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4648-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4692-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4732-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4948-499-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5020-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5036-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5076-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5200-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5260-539-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5276-542-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5284-543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5308-544-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5332-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5352-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5360-602-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5392-608-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14248-2369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14948-2711-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15108-2519-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads