33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8

Analysis

max time kernel
143s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe
Size

468KB
MD5

53391b21c076336c60048de50c6a30eb
SHA1

ee16d566b148b90b319ac4a82569bf30179521a3
SHA256

33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8
SHA512

fda347a5d22eea3dbc275c057275ac02cedde190695fee71b0ca41fa94789ef22d3f51ea3904d933449838dc2502f1aeacae851ccf59b96a2a9acd7b39a3d90c
SSDEEP

3072:/bC3ogVd605ytbYEPYzhff8gg4bMW3pCnmHeVVVwDayVVU/uYelo:/baoX8ytHP+hffTZoaDa+O/uY

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2416	Unicorn-5562.exe
4576	Unicorn-23051.exe
1744	Unicorn-64638.exe
3976	Unicorn-52791.exe
668	Unicorn-42577.exe
1420	Unicorn-28841.exe
1148	Unicorn-3351.exe
1748	Unicorn-17763.exe
3520	Unicorn-28623.exe
840	Unicorn-7456.exe
1492	Unicorn-27968.exe
3484	Unicorn-34099.exe
4888	Unicorn-27612.exe
652	Unicorn-2578.exe
4208	Unicorn-57901.exe
3800	Unicorn-4332.exe
2396	Unicorn-35613.exe
3988	Unicorn-7046.exe
4360	Unicorn-64415.exe
1800	Unicorn-13823.exe
1192	Unicorn-33689.exe
3920	Unicorn-23383.exe
4284	Unicorn-10368.exe
3364	Unicorn-64970.exe
4020	Unicorn-15214.exe
2652	Unicorn-14949.exe
208	Unicorn-6946.exe
388	Unicorn-63009.exe
5016	Unicorn-165.exe
4476	Unicorn-20031.exe
764	Unicorn-13543.exe
2192	Unicorn-4078.exe
1672	Unicorn-20969.exe
4384	Unicorn-38697.exe
2860	Unicorn-48903.exe
1916	Unicorn-55033.exe
4236	Unicorn-44727.exe
3940	Unicorn-41965.exe
5020	Unicorn-51525.exe
3568	Unicorn-7585.exe
4328	Unicorn-28967.exe
4860	Unicorn-18661.exe
1212	Unicorn-12530.exe
2332	Unicorn-41219.exe
1632	Unicorn-34997.exe
1400	Unicorn-33605.exe
4908	Unicorn-2879.exe
4872	Unicorn-51333.exe
4060	Unicorn-42403.exe
3024	Unicorn-12993.exe
4352	Unicorn-32859.exe
2756	Unicorn-32594.exe
4428	Unicorn-22644.exe
2736	Unicorn-18853.exe
2560	Unicorn-14768.exe
2348	Unicorn-14768.exe
1008	Unicorn-14768.exe
864	Unicorn-470.exe
2744	Unicorn-63207.exe
3804	Unicorn-16091.exe
1636	Unicorn-52272.exe
1652	Unicorn-56377.exe
4240	Unicorn-26205.exe
3260	Unicorn-31681.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
5860	4328	WerFault.exe	134
16860	16196	WerFault.exe	786
13548	18508	Process not Found	1175
15832	6824	Process not Found	943
19400	4884	Process not Found	955
19360	1092	Process not Found	908

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31572.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4756	dwm.exe
Token: SeChangeNotifyPrivilege	4756	dwm.exe
Token: 33	4756	dwm.exe
Token: SeIncBasePriorityPrivilege	4756	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe
2416	Unicorn-5562.exe
4576	Unicorn-23051.exe
1744	Unicorn-64638.exe
3976	Unicorn-52791.exe
1420	Unicorn-28841.exe
668	Unicorn-42577.exe
1148	Unicorn-3351.exe
1748	Unicorn-17763.exe
1492	Unicorn-27968.exe
3484	Unicorn-34099.exe
840	Unicorn-7456.exe
4888	Unicorn-27612.exe
3520	Unicorn-28623.exe
652	Unicorn-2578.exe
4208	Unicorn-57901.exe
3800	Unicorn-4332.exe
2396	Unicorn-35613.exe
3988	Unicorn-7046.exe
1192	Unicorn-33689.exe
4360	Unicorn-64415.exe
1800	Unicorn-13823.exe
4020	Unicorn-15214.exe
4284	Unicorn-10368.exe
2652	Unicorn-14949.exe
3364	Unicorn-64970.exe
208	Unicorn-6946.exe
388	Unicorn-63009.exe
5016	Unicorn-165.exe
4476	Unicorn-20031.exe
764	Unicorn-13543.exe
2192	Unicorn-4078.exe
1672	Unicorn-20969.exe
4384	Unicorn-38697.exe
1916	Unicorn-55033.exe
4236	Unicorn-44727.exe
2860	Unicorn-48903.exe
3940	Unicorn-41965.exe
5020	Unicorn-51525.exe
3568	Unicorn-7585.exe
4328	Unicorn-28967.exe
1212	Unicorn-12530.exe
4860	Unicorn-18661.exe
2332	Unicorn-41219.exe
1632	Unicorn-34997.exe
1400	Unicorn-33605.exe
4908	Unicorn-2879.exe
2872	Unicorn-22745.exe
4872	Unicorn-51333.exe
4060	Unicorn-42403.exe
2756	Unicorn-32594.exe
3024	Unicorn-12993.exe
4428	Unicorn-22644.exe
4352	Unicorn-32859.exe
2348	Unicorn-14768.exe
2560	Unicorn-14768.exe
864	Unicorn-470.exe
3804	Unicorn-16091.exe
2736	Unicorn-18853.exe
2744	Unicorn-63207.exe
1008	Unicorn-14768.exe
1636	Unicorn-52272.exe
1652	Unicorn-56377.exe
3260	Unicorn-31681.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2416	1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe	89
PID 1908 wrote to memory of 2416	1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe	89
PID 1908 wrote to memory of 2416	1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe	89
PID 2416 wrote to memory of 4576	2416	Unicorn-5562.exe	92
PID 2416 wrote to memory of 4576	2416	Unicorn-5562.exe	92
PID 2416 wrote to memory of 4576	2416	Unicorn-5562.exe	92
PID 1908 wrote to memory of 1744	1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe	93
PID 1908 wrote to memory of 1744	1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe	93
PID 1908 wrote to memory of 1744	1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe	93
PID 4576 wrote to memory of 3976	4576	Unicorn-23051.exe	95
PID 4576 wrote to memory of 3976	4576	Unicorn-23051.exe	95
PID 4576 wrote to memory of 3976	4576	Unicorn-23051.exe	95
PID 1908 wrote to memory of 668	1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe	96
PID 1908 wrote to memory of 668	1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe	96
PID 1908 wrote to memory of 668	1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe	96
PID 2416 wrote to memory of 1420	2416	Unicorn-5562.exe	97
PID 2416 wrote to memory of 1420	2416	Unicorn-5562.exe	97
PID 2416 wrote to memory of 1420	2416	Unicorn-5562.exe	97
PID 1744 wrote to memory of 1148	1744	Unicorn-64638.exe	100
PID 1744 wrote to memory of 1148	1744	Unicorn-64638.exe	100
PID 1744 wrote to memory of 1148	1744	Unicorn-64638.exe	100
PID 3976 wrote to memory of 1748	3976	Unicorn-52791.exe	101
PID 3976 wrote to memory of 1748	3976	Unicorn-52791.exe	101
PID 3976 wrote to memory of 1748	3976	Unicorn-52791.exe	101
PID 4576 wrote to memory of 3520	4576	Unicorn-23051.exe	102
PID 4576 wrote to memory of 3520	4576	Unicorn-23051.exe	102
PID 4576 wrote to memory of 3520	4576	Unicorn-23051.exe	102
PID 1420 wrote to memory of 840	1420	Unicorn-28841.exe	103
PID 1420 wrote to memory of 840	1420	Unicorn-28841.exe	103
PID 1420 wrote to memory of 840	1420	Unicorn-28841.exe	103
PID 2416 wrote to memory of 1492	2416	Unicorn-5562.exe	104
PID 2416 wrote to memory of 1492	2416	Unicorn-5562.exe	104
PID 2416 wrote to memory of 1492	2416	Unicorn-5562.exe	104
PID 668 wrote to memory of 3484	668	Unicorn-42577.exe	105
PID 668 wrote to memory of 3484	668	Unicorn-42577.exe	105
PID 668 wrote to memory of 3484	668	Unicorn-42577.exe	105
PID 1908 wrote to memory of 4888	1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe	106
PID 1908 wrote to memory of 4888	1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe	106
PID 1908 wrote to memory of 4888	1908	33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe	106
PID 1148 wrote to memory of 652	1148	Unicorn-3351.exe	107
PID 1148 wrote to memory of 652	1148	Unicorn-3351.exe	107
PID 1148 wrote to memory of 652	1148	Unicorn-3351.exe	107
PID 1744 wrote to memory of 4208	1744	Unicorn-64638.exe	108
PID 1744 wrote to memory of 4208	1744	Unicorn-64638.exe	108
PID 1744 wrote to memory of 4208	1744	Unicorn-64638.exe	108
PID 1748 wrote to memory of 3800	1748	Unicorn-17763.exe	109
PID 1748 wrote to memory of 3800	1748	Unicorn-17763.exe	109
PID 1748 wrote to memory of 3800	1748	Unicorn-17763.exe	109
PID 3976 wrote to memory of 2396	3976	Unicorn-52791.exe	110
PID 3976 wrote to memory of 2396	3976	Unicorn-52791.exe	110
PID 3976 wrote to memory of 2396	3976	Unicorn-52791.exe	110
PID 3484 wrote to memory of 3988	3484	Unicorn-34099.exe	111
PID 3484 wrote to memory of 3988	3484	Unicorn-34099.exe	111
PID 3484 wrote to memory of 3988	3484	Unicorn-34099.exe	111
PID 840 wrote to memory of 4360	840	Unicorn-7456.exe	112
PID 840 wrote to memory of 4360	840	Unicorn-7456.exe	112
PID 840 wrote to memory of 4360	840	Unicorn-7456.exe	112
PID 668 wrote to memory of 1800	668	Unicorn-42577.exe	113
PID 668 wrote to memory of 1800	668	Unicorn-42577.exe	113
PID 668 wrote to memory of 1800	668	Unicorn-42577.exe	113
PID 4888 wrote to memory of 1192	4888	Unicorn-27612.exe	114
PID 4888 wrote to memory of 1192	4888	Unicorn-27612.exe	114
PID 4888 wrote to memory of 1192	4888	Unicorn-27612.exe	114
PID 1492 wrote to memory of 3920	1492	Unicorn-27968.exe	115

C:\Users\Admin\AppData\Local\Temp\33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe
"C:\Users\Admin\AppData\Local\Temp\33ceb4e047ff898cd7ec11d16e65d5e88836236de59479a214274bcd465ac2a8.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23051.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4078.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
        9⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        10⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        11⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        11⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
        11⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18027.exe
        10⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39277.exe
        10⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        9⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        9⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        9⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
        9⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        9⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        10⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
        9⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        9⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
        8⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        9⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46618.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        8⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        8⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
        8⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        7⤵
        Executes dropped EXE
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
        9⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2267.exe
        9⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        9⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16355.exe
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        8⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        9⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36722.exe
        9⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        8⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        8⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
        8⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14642.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        8⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        8⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        8⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57342.exe
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        7⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        7⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-544.exe
        8⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        9⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        10⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        10⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        10⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        10⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        9⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        9⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
        9⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
        9⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
        8⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2250.exe
        8⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        8⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
        8⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        8⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-586.exe
        9⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        9⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        9⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        8⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        8⤵
        
        PID:16836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
        8⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
        8⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6770.exe
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32366.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
        7⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        7⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21466.exe
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        8⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe
        8⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        8⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
        7⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        7⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20507.exe
        6⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27408.exe
        7⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        7⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        7⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        7⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
        7⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        7⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        6⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        7⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        9⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        10⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        10⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
        10⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
        9⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35000.exe
        9⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
        8⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        8⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        8⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18727.exe
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
        9⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12654.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
        8⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6240.exe
        8⤵
        
        PID:180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        7⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        7⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        8⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        8⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        8⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        8⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
        8⤵
        
        PID:17420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
        7⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
        7⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
        7⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        7⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        7⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26051.exe
        7⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
        7⤵
        
        PID:17624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49837.exe
        6⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        6⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        8⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        9⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        9⤵
        
        PID:16440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24059.exe
        9⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24825.exe
        8⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        8⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48727.exe
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
        8⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        7⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
        8⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        8⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
        7⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        7⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
        7⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
        7⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        7⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        7⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        6⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        7⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        7⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
        6⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        6⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        6⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        6⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30238.exe
        5⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
        6⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        7⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        7⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        7⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        6⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
        6⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        6⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57125.exe
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23181.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        6⤵
        
        PID:15932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        6⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        6⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        5⤵
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23026.exe
        5⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
        5⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54622.exe
        5⤵
        
        PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe
        9⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        9⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        9⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        9⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50232.exe
        9⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
        8⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        9⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
        9⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28171.exe
        9⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        8⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        8⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
        8⤵
        
        PID:17652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        8⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
        8⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
        8⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe
        7⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        7⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        7⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        8⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        8⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
        8⤵
        
        PID:17536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        7⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
        7⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        7⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        7⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        7⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
        6⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        6⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        5⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        8⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        8⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2651.exe
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24144.exe
        7⤵
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        6⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe
        6⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        6⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15053.exe
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
        7⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        7⤵
        
        PID:17628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        6⤵
        
        PID:13532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        6⤵
        
        PID:17192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        6⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
        6⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47525.exe
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
        5⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
        5⤵
        
        PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14550.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        8⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
        8⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        8⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        8⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
        7⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        7⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        7⤵
        
        PID:16688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        7⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        6⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
        7⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
        7⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
        6⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31261.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        7⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        7⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15349.exe
        6⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
        7⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        7⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        6⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4208.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63971.exe
        6⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
        6⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        5⤵
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15515.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40533.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
        6⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60538.exe
        6⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        5⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26580.exe
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        5⤵
        
        PID:12848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        5⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
        5⤵
        
        PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
      4⤵
      PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
      4⤵
      PID:15112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
      4⤵
      PID:12816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34997.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        8⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        8⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        8⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        8⤵
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
        7⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        8⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35000.exe
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        7⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        6⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-836.exe
        6⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47575.exe
        7⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1476.exe
        7⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        6⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59771.exe
        6⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20770.exe
        7⤵
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2267.exe
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        6⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
        5⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        6⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
        5⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
        5⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        5⤵
        
        PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64970.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        8⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        8⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25655.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        7⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        6⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        6⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
        7⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        7⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
        7⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        6⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56320.exe
        6⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        6⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        6⤵
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
        5⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
        6⤵
        
        PID:18264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
        5⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        5⤵
        
        PID:14296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
        6⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-434.exe
        6⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        6⤵
        
        PID:14792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17175.exe
        6⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6704.exe
        6⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-836.exe
        5⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        5⤵
        
        PID:12740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
      4⤵
      PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        6⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        5⤵
        
        PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3970.exe
      4⤵
      PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
        5⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        5⤵
        
        PID:13040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
      4⤵
      PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
      4⤵
      PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
      4⤵
      PID:5792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27968.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
      4⤵
      Executes dropped EXE
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48152.exe
        7⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        7⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
        7⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16117.exe
        6⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18597.exe
        6⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        6⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21011.exe
        6⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46013.exe
        6⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe
        6⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57027.exe
        5⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
        5⤵
        
        PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        7⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        7⤵
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54761.exe
        7⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11805.exe
        6⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
        6⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62526.exe
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        6⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
        6⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        5⤵
        
        PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16196 -s 440
        6⤵
        Program crash
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        5⤵
        
        PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20096.exe
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64109.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43513.exe
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        6⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        5⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        5⤵
        
        PID:16588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        5⤵
        
        PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
      4⤵
      PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        5⤵
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        5⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        5⤵
        
        PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
      4⤵
      PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
      4⤵
      PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64867.exe
      4⤵
      PID:8820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41219.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42091.exe
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5360.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17477.exe
        7⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        7⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        6⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48535.exe
        6⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        5⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        5⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41291.exe
        5⤵
        
        PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        5⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        5⤵
        
        PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
      4⤵
      PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
      4⤵
      PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
      4⤵
      PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16348.exe
      4⤵
      PID:3596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        6⤵
        
        PID:16424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7750.exe
        6⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        5⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23648.exe
        5⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        5⤵
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      4⤵
      PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12158.exe
        5⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        5⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        5⤵
        
        PID:16920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
      4⤵
      PID:11688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
      4⤵
      PID:15084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
      4⤵
      PID:8792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
    3⤵
    PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17561.exe
      4⤵
      PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
      4⤵
      PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
      4⤵
      PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
      4⤵
      PID:8904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
    3⤵
    PID:8768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
    3⤵
    PID:12112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:15624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
    3⤵
    PID:8444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2578.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14934.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        9⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        9⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        8⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        8⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        8⤵
        
        PID:17172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
        8⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        7⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        7⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64463.exe
        6⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
        7⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
        7⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        6⤵
        
        PID:13904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21815.exe
        6⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        8⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
        8⤵
        
        PID:16500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        8⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        7⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22577.exe
        7⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
        6⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41387.exe
        6⤵
        
        PID:16172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5360.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54622.exe
        6⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        6⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13945.exe
        6⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
        5⤵
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
        5⤵
        
        PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55967.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        8⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
        8⤵
        
        PID:16492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        8⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        7⤵
        
        PID:17056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
        6⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        6⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        6⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        6⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        6⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
        6⤵
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12574.exe
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28021.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42542.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55873.exe
        5⤵
        
        PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
        6⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30008.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe
        6⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        6⤵
        
        PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        5⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54514.exe
        5⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2918.exe
        5⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24119.exe
        5⤵
        
        PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        5⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58510.exe
        5⤵
        
        PID:15296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        5⤵
        
        PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        5⤵
        
        PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
      4⤵
      PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
      4⤵
      PID:14848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10611.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        8⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        8⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
        8⤵
        
        PID:17444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2651.exe
        7⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36336.exe
        7⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        7⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
        6⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        7⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        7⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58930.exe
        6⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        5⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
        6⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7115.exe
        6⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
        6⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
        5⤵
        
        PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
        5⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15515.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
        6⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13009.exe
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        5⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        6⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        5⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15670.exe
        5⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
      4⤵
      PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        5⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2244.exe
        5⤵
        
        PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57492.exe
      4⤵
      PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
      4⤵
      PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
      4⤵
      PID:4460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29325.exe
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        7⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        7⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
        7⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        6⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10024.exe
        6⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24145.exe
        5⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        5⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
        5⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19.exe
        5⤵
        
        PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        5⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63139.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        6⤵
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
        6⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        5⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        5⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
      4⤵
      PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58677.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
      4⤵
      PID:15376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
      4⤵
      PID:17684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
        5⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        6⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34505.exe
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62233.exe
        5⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        5⤵
        
        PID:13588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      4⤵
      PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
      4⤵
      PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
      4⤵
      PID:13452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
    3⤵
    PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40913.exe
      4⤵
      PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
      4⤵
      PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
      4⤵
      PID:13540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
      4⤵
      PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
      4⤵
      PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
      4⤵
      PID:11416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
    3⤵
    PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
    3⤵
    PID:10568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
    3⤵
    PID:14720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe
    3⤵
    PID:5584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42577.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42577.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7046.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        8⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        8⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        8⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
        8⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58572.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        7⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64239.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        7⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
        7⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46049.exe
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
        7⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        7⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        7⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
        6⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2918.exe
        6⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        7⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30008.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe
        6⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        6⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
        5⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        6⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        5⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        5⤵
        
        PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33269.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
        7⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40149.exe
        7⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
        6⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        6⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        6⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15315.exe
        6⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
        5⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37972.exe
        5⤵
        
        PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        6⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
        6⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2134.exe
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        5⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20875.exe
        5⤵
        
        PID:11788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
      4⤵
      PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17094.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
      4⤵
      PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14939.exe
      4⤵
      PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13823.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 720
        5⤵
        Program crash
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        6⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20770.exe
        6⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        5⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        5⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        5⤵
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        5⤵
        
        PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50108.exe
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        6⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        6⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63668.exe
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        5⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14594.exe
        5⤵
        
        PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        5⤵
        
        PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
      4⤵
      PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        5⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
      4⤵
      PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38423.exe
      4⤵
      PID:14128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12530.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
        6⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
        6⤵
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        6⤵
        
        PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        5⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        5⤵
        
        PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
      4⤵
      PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63139.exe
        5⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        5⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        5⤵
        
        PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
      4⤵
      PID:14252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
      4⤵
      PID:15400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
    3⤵
    PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
      4⤵
      PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        5⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        5⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        5⤵
        
        PID:17696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
      4⤵
      PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
      4⤵
      PID:11984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21535.exe
      4⤵
      PID:15428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44235.exe
    3⤵
    PID:7140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
    3⤵
    PID:10012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
    3⤵
    PID:13496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe
    3⤵
    PID:16720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
    3⤵
    PID:5044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18661.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19595.exe
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39133.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        7⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
        6⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        6⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        6⤵
        
        PID:15888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
        6⤵
        
        PID:17296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
        5⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
      4⤵
      PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
        6⤵
        
        PID:13816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        6⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        6⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22577.exe
        5⤵
        
        PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
      4⤵
      PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
      4⤵
      PID:10344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8080.exe
      4⤵
      PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
      4⤵
      PID:17356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        5⤵
        
        PID:12656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        5⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        5⤵
        
        PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
      4⤵
      PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54514.exe
      4⤵
      PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
      4⤵
      PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
      4⤵
      PID:8160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
    3⤵
    PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        5⤵
        
        PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
      4⤵
      PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
      4⤵
      PID:13240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
      4⤵
      PID:16520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
      4⤵
      PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
      4⤵
      PID:11544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12635.exe
    3⤵
    PID:7732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
    3⤵
    PID:10428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12697.exe
    3⤵
    PID:13824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10368.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10368.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        6⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        6⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
        5⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
        5⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        5⤵
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        5⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        5⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        5⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30586.exe
      4⤵
      PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
      4⤵
      PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21392.exe
      4⤵
      PID:6824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
    3⤵
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
      4⤵
      PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17935.exe
        5⤵
        
        PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe
      4⤵
      PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
      4⤵
      PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
      4⤵
      PID:16920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
      4⤵
      PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
      4⤵
      PID:13372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
    3⤵
    PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
      4⤵
      PID:14224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
      4⤵
      PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
      4⤵
      PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
    3⤵
    PID:10500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52367.exe
    3⤵
    PID:13828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
    3⤵
    PID:17708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
    3⤵
    PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        5⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53740.exe
        5⤵
        
        PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        5⤵
        
        PID:16864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
        5⤵
        
        PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
      4⤵
      PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
      4⤵
      PID:18228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
    3⤵
    PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
      4⤵
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe
        5⤵
        
        PID:16840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
      4⤵
      PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
      4⤵
      PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
      4⤵
      PID:16916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
      4⤵
      PID:17476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
    3⤵
    PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
    3⤵
    PID:9548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
    3⤵
    PID:12208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
    3⤵
    PID:17340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
    3⤵
    PID:6184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
  2⤵
  PID:3764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64903.exe
    3⤵
    PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
      4⤵
      PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
      4⤵
      PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
      4⤵
      PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
      4⤵
      PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58400.exe
      4⤵
      PID:7056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
    3⤵
    PID:8588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
    3⤵
    PID:11468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
    3⤵
    PID:16136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
    3⤵
    PID:16544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28558.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28558.exe
  2⤵
  PID:6592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
    3⤵
    PID:7996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
    3⤵
    PID:10680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
    3⤵
    PID:14836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
    3⤵
    PID:6620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
  2⤵
  PID:6256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
    3⤵
    PID:15068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
    3⤵
    PID:7164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
    3⤵
    PID:13252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
  2⤵
  PID:10584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
  2⤵
  PID:14828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
  2⤵
  PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4328 -ip 4328
1⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 16196 -ip 16196
1⤵
PID:16600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6372 -ip 6372
1⤵
PID:2932

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10368.exe

Filesize
468KB

MD5
dde63d6be9f817641a54f3d8d7b75108

SHA1
f1917f6be05d25e3c8e84c5097d16ba606f16f6d

SHA256
3acc5dbbcd57a8381fde66f4df0d242f0f307eb7b76b79253d2f152fb0d00247

SHA512
0cb41855c79a3b8b872405c613198ec5fa02b1371423959814828dbeff6489e943f6b343705f41d7437a1db47d38994a85da3056c1cb082265f7f3abaa6a4eaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe

Filesize
468KB

MD5
e26bb2c4414bf2fa602d3df5cba105ba

SHA1
8ada4f138ff08f0a1b5a3986cec622661280c95f

SHA256
51797b02f8378fe4322f01fcc5a0c2be4aa7b898932b4a4a4a41d971f457cf35

SHA512
3f56d79898bf18d41687cf36d3638bf7e9ff9f5a0e637265ab5cd97734c2ec8c1625001fe52fb97898ddd66c50fed062de0915ac51c361111dd776e4974fa494

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13823.exe

Filesize
468KB

MD5
79b4df3608637f8852854a9934d5b87c

SHA1
91713f485ace4e7e67c075a433a930dc90bd6728

SHA256
b2fd461005faddd583ec1abdfcd56a60fdbd3bcb20fe5177ba5d63ee81622c5e

SHA512
58d50ac2b4d43d382742024a1fa6a5bc510bee6c587bb475f0e4d107e329b3906935b3a1970f4bc2930dacfc657f14be78a1fda6d928e8704eb942fbe9a9fd20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe

Filesize
468KB

MD5
d9a6d9a1d12836bb38b9549c740b076c

SHA1
6b69bbb6348cf34e0499f7cf2a97d7d5d5e11c28

SHA256
96c4a8614c802c22bf0a0deb2575ad1afcf9496c53ce51df22b6d9679bf80394

SHA512
87dfd3f80438b1ee675c00ec990faaaf3c3f570d1ff678f17d686d86863d6112247d4127824e128e9425b9928c4e2494aafb43aa47cc9b0ee03215fe0d9ba750

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe

Filesize
468KB

MD5
c1874fb593dda0df0ca4fee508ef15a3

SHA1
09ffee0f36f86f741b6d85bbe44ed672125e89cb

SHA256
3a64b726a941fac9ffc91cef30e31db885013b2427a58d4c807b639346e4ebd3

SHA512
128fd8b6157f228c21e4661acbada11ddc121944eaf3ef8604833e01522a2e1fa3c56d55a15e1b8baa3077a1f42e58c47c6cf1ed3906259b1495ccd5141f3f1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe

Filesize
468KB

MD5
35699635b841d0520c05fc18b5e55b18

SHA1
d6329d15f733adae57264e36c7b9d31082c3b67b

SHA256
0e9fe34a9f4139c8f90b64a76ce4fa005cbf8e6fb7ac56e91f18917bfb958061

SHA512
0b880138350880056f76316baff99a1c53fd3a5ff7e5046244ca82b0bc94d3376540466ffd4119da2e2a2823e4974df5d13805f5332c0a372d407d9283b4f685

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe

Filesize
468KB

MD5
701a4c7dd9cf1902213bb3b1aeca961e

SHA1
9102a5daf13f29adeb50f0663491e79ee1076e8b

SHA256
a9ae0ccfde93f538886d399e804d11faa19e0b4597f2cef2500ab997f641dbab

SHA512
653ccdf7304bc425d960606e42b286879af59029c50f9eb7821cf6037c7bd0d4837c4ccaaada480726ce93e4cf53b8b1c0f8ac42cccf9a36670ada90c315b6cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe

Filesize
468KB

MD5
5703ee00d66ab6b3e33422ea915a584c

SHA1
705e8e42d897660845f6f28a0dc14344106e9be2

SHA256
434e36718cd2650d57a0b4344cb9fb7719607ddeef436cb5c653bcb0e8aa0296

SHA512
2f9760c3f863042d7d87d51a31affec0630efb60ad8211a2e4e9452dcbd72a241e5071cd16dac69c630e19458e87711213315e8cfe54a5f4c20ebdd77d1dcb21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23051.exe

Filesize
468KB

MD5
361df66c3487d376d8dedf48df16a024

SHA1
2e718528953420460f8399c1a85ad8ec5c530d79

SHA256
9964868dfd9d5eb5db69b91cd1f43e8c7a33edc3be79207be216709618895dea

SHA512
5b1a57d074588cf4810a41146f82a574552558d02c25b4ee8c02d6d603a9f29057a91e8985f37825652ca696a3dc3a47b2a16c1430d94d1134558e9515fd04a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe

Filesize
468KB

MD5
11ec636a7c9c5ff1c58d957b7ab09030

SHA1
bd7434aec4ab50031458e6e9c976d24befab126f

SHA256
1fe509da7341702c4ea500041678abde9e8459038a536837c1d077a7fbf6a5ef

SHA512
5d7afd816f9381f06dadb4b288966ef521cfc63674619c757b4328732e62f49b744c42fddac224d1a139221f3f61be5fa10ad267f94820a4fb33c9ef5b9f66f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2578.exe

Filesize
468KB

MD5
342196d5001b5ec811772b37386068ca

SHA1
397f57b8f53d3810ecaaf7ddfba95ad924e517a7

SHA256
3e0125134196b69206beedb410e42f0fdd27e6e56ac7ed3fd778cb38d8ccc97e

SHA512
3cdc85693c3dcf0f98607bd475584920cb5959654b85cbdd8c80a161f792b11db2433c9c1606b210f583724649883a94918c56126c4652da6d946a0538773c65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe

Filesize
468KB

MD5
4f94a91c4e0261fb7d8092458f18f1f3

SHA1
aa00b87884c6615c4f5669aff1bce1fb9e7c7363

SHA256
cebd1539186cbfba052ac0f633dd558a1c94842a3ef415647ce10656201f9142

SHA512
0406c00ffd716d380f4bf0c47afc75526716015b15393a2cf76524dba18520fa3324a69cb48bf4784f83750951d8bf93ea797c3036bd84f71f8a146b9bc13f06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27968.exe

Filesize
468KB

MD5
244ad0513d7efdbe56a0a5f8f50de604

SHA1
8e2d2cfc70aa2557b8faf1ae63fe5e32d0693b77

SHA256
34586c8b2a2a34f42f9e9726a03d94a24db95aa70872fc2c9d025d625b513115

SHA512
b9cd218cdc78e9c45f41aa91e3cad07928e5758c4fd9d2990aa2244409f1dad26a29737759acd7f2bd37c1f80496d616941d3691b2b0090ec21322029c45fed5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe

Filesize
468KB

MD5
71495dbbc4f434b858060ee2f9186a26

SHA1
58a631c06839ed43e4ad896db0d84a354ac11222

SHA256
3fcd2603f0c4fd6dc73d3e80c1f3fdf63157f7a707a14b6215aeb686a198adc4

SHA512
3ed328f9afa1bdc48a7081c71c42e49b3cf53c881699327e899045168494c471efb6ef5b2da2148e18fc50de7ed2ae647ee8390f129f4a4aabb02abf5f2e44e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe

Filesize
468KB

MD5
1c5dd10deac68f3fc997c611480f9682

SHA1
305970e885122836d244fd01ea5a15a4c72a4f19

SHA256
8bbdf2baac7fb137353a93657616b827ac6135f090dff50a1cfd1eba47ed5b60

SHA512
b9a58b039b0dafbd8e5b984a84ada92edf69eaf98bab3c36ca408656bf4d83ed7b092782a4993d5cd5b0ca087e3e5fa0a05832529945252bdd99d837dbfc3ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe

Filesize
468KB

MD5
3c0dbba1a6751fe6b9139a43342b34a7

SHA1
4f01581de220ef49a22e11edf00db43f10cfebd1

SHA256
bb9b5806e388f40e3184c6619470291c4d2733bade173ed12c35cec2084ce4c1

SHA512
7de886a9cbb52c55dab3d47cc4b5620a3c6a987d5c6bf82658e201d98294cf1237f88df5dba074f2666f3b422d9df4425dc213ed74ae6246f7e4e4f030f28eee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe

Filesize
468KB

MD5
d255fc421360f882b71a097307d80e41

SHA1
64d41942b51c6cfd06f1f9574fa8dff75c6fb6cf

SHA256
55d09b84f8979723c2fc0494b10807aa4d60ba0b88fcea4237de8bce862bf37f

SHA512
82d3c79ba40c7cfe9612529e066b5ad3a01010684530e173c2bdfc0031517018f3448adff3e872ae555eb48b677dfa2f900ab1bfc6d8868098909ce3993915a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe

Filesize
468KB

MD5
d711f7d91f6d46b1aa049fc437b699f5

SHA1
fecfc1b5eac5a41ec31ed76478260e7cccc3faf7

SHA256
63616dfb43599d407e1214599f1be5895692b9e19d8429ca85f5ef365b2a224e

SHA512
0546bef51bd21fd263cdcf407528b5d52ca734166c47bf939ef18291fced07d50b533aa323945146f100698441caa67e5e72150702315b82dfea8c22720847a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe

Filesize
468KB

MD5
3aa3bfde3032e7b469d3ed695c0feed4

SHA1
2ae5648d3381ea187b676b718415dc0e5cb2c695

SHA256
df0d8e4922d629a0abc9ec7dd10c524e835327782d69f542bf98649165baad9f

SHA512
1625160e59fbb61c2cf0ee04a2d4064a0f9aa51b204663af20f61b61cd194f99cc41841bed0ccace54578786cc38120089c6ebdb3b65d6b94647ab3acca34cb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4078.exe

Filesize
468KB

MD5
461059362b6e3e6adef7d1786112482f

SHA1
2049e09501bb0466812a54401dddd3aa8fe530b6

SHA256
d433396f3cb43d61bddb8744b1a6713a5a330a42159ecc573036c844287b8f90

SHA512
bc11ec957d0b7babdec1439d9d832620712171a5c1b7685bead7a3fe64d18ebdf81c1abb1fcc7b214035858258bfe8312aca4de53cfe20e8f83b447e5c2ff75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe

Filesize
468KB

MD5
f6877854e944b66992839a9d805cd703

SHA1
99519869cab88452de8531356fa837a53dd0b219

SHA256
bb2e9c69e3d278d9f6d5f2eaafe77fd43db179ea48c3fcdc996d1b9b8de25d7d

SHA512
effffd398ceb1c4fe3775ed99b165b39cd99e6ee6f0d32961a211ac3aca0cdb3d41c378719158fffcaeeb942944421f932ae66f123071ff797860a315bce9da2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42577.exe

Filesize
468KB

MD5
44b446bf684671a83028443aac282e6c

SHA1
c79cd3b1e7335e8ce6f5d5faaeb28a2fb2d07d21

SHA256
cc48ab5d20e8da8306108f229ec77f55c38c9402db55c17a6fb01ad0ff8b94ca

SHA512
2bcce03515ba28c06b7ca3b244640655c716a0a7fc5ce02ddf381d06a3b17413893ba71b2024bcc4dc318d45df94d8aa71d3027ba3d6bd59ec3c06baaff56588

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe

Filesize
468KB

MD5
ae6c980c48f932cc7bd8d5d44f2f52b3

SHA1
4d6e17eddc4b6888542635b1457d3f185677f7ab

SHA256
cde244fdecb090290b8c9717a0460bd6118d9623edac48f69b15f9587bb3eb3c

SHA512
fa4d4de239e4e1354d6843153205339c2d28e7e6bb2e6e93ca9a4ee000d0417a2ce65d0b87a79dba2144c0698cca3df663f41d4b38d2a8a11508cbcb43f970c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe

Filesize
468KB

MD5
87de15f68d6355dbd64b1a347dbf886f

SHA1
a6696404994362c613dc3253e19d0d22200b2a61

SHA256
084ea7739a5c35e81d44f23b9b820a526137c0d502585db07630286a1238564c

SHA512
952f50c4ed80658110f6055ca00d97cbe90a03667d6acde3c4d046413eaaef18ad5de923fcc20dc7191a2472b2df7165b49fb8988476eaeec533b85c04e8a45f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe

Filesize
468KB

MD5
c79ac8e82cb6a281a365c89add5f31b5

SHA1
e86b0da77bc0c59d10316e6c04fee8d07c35ab8b

SHA256
73e32ca6579e35fcf8e6061fe55cc339c0071ed198a0e30b061077c5be58f15f

SHA512
495484c350e230f15757b1ae9f45c744b8868ae82fd7f182a09188d536170addbea34fdd291d39086af9ad685c28e849d284259946f54e9b1930088ae9b8611c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe

Filesize
468KB

MD5
752332d8141a81f8829f1881e7f5428b

SHA1
92b2ac32372e24ead58d1248082a2c35d4f4d657

SHA256
6a3f94e90ab7f0b45f6eb8743ecb347ebf58981c6cc70c5786ddbe41125d42b1

SHA512
1b85b523125d2dda14a144a04c672fbc63e99cd4c701c2c9d399972b22c45fabdc1941544d207fe0d67d98c277977b877474eb5f71be16a372fdb4fb9aaaa597

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe

Filesize
468KB

MD5
7f317cb6f6a2a8794468d13d5a28d58f

SHA1
0221261fa2e2f8e7ac3fbdae99c7b226b78aa030

SHA256
dc21c7b36ca7457218ec4850778b1a73a7ebb6c6bd0628e1aad10de1c3443c56

SHA512
e829824d77ca728981d6b021466a54e6f823220d7335927814640db80c42416cd6d19676532ccfe9f7e36b4e5ac41aed1feee811b349caa3d1ed94fd3e8d7d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe

Filesize
468KB

MD5
d87efb717c0bf93687d67116da5996f1

SHA1
8e721ab0b07646e4f099f253a5c71f0e785837b7

SHA256
3421115840683e6ab93fc01f6b0e40c5405b429882a12655a0dba583ee735caf

SHA512
b9ef4b13f06b3f1afdc562229da5037344546eac178389091ed61e40732d63fcfb7f723569d83bcca14b9c91d977deefa2430778718b6f4cef8ba8952fd2617b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe

Filesize
468KB

MD5
2e8e44c76f66f65c83cc5dca108efe01

SHA1
fb6c153ab35ce4a2ef198f062a5384b87e22f660

SHA256
3499a27a601546550a58454df2a15979e8b6c61924466427e84da61877251b70

SHA512
f4518186a4bc6238189f9ccd5cca65e5d240972c6dcf19d262d9d0aee5796db14de43174c16361f91b836eb38d0d3d8248788ad2e3a5ecb4cf4d3d482a293487

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe

Filesize
468KB

MD5
f6d3179dcc9466143f684d3b2083368b

SHA1
495801c0220e1611d9d4dd3502eac0f6db11be0a

SHA256
3b39fb14bc97bffd7e03388d6b396272a5b09ec0ee01d16a42c6bf71da929f21

SHA512
1f1980644c6a787c12c42e13ea270efa90c25ec22bb6c00f99e3be978ecf8e926c5359484a8f4621f59d10f377ee555fadba2d0ae9a70c3f5f4527c308e82190

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64970.exe

Filesize
468KB

MD5
fc510098198aeb1a818d5846d5b0efc3

SHA1
b2f79e985a219020fa18934551e220eb76dedbfe

SHA256
eb99043aa35bce98b1ebbae532c7a369cf705791401602c3ad998d9e063ff3b8

SHA512
a6ed06de3bb31a4fbd73671b8ae40adf61ca2902091dd8bc72af8f51ee0230fe07f6d2f2b80297ed2499b5c975bf9b3fd232142e3398ef0682acce387edb2368

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe

Filesize
468KB

MD5
e994ec5e22e2cfb53809c5a958358c20

SHA1
cb9d5d6d07479589039308d41b6b56068fd6af02

SHA256
6b303235cd3358bf399424b8b23841614553479f098a72a8edd8686bd40f9189

SHA512
755ac577b72ea0ae5e4578ac0cb05a0fe012127321fa626ce64d72dd2be90fc248412422e5395736f7d9be84a5e75f888131f88245434a4cb6467481397d5616

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7046.exe

Filesize
468KB

MD5
8eb4923f1e63b1cced8770e6aab75c88

SHA1
2dc5a7b121743ff1aed06a853db9f51af4ff2c9a

SHA256
51a31a7ab3d99316e4d8f1dc6976e36e58ecda811b4bf90a0e31bf005112a35b

SHA512
c143c5bd25d9bf52dd995ae79c4693110d5825c3d34cb7ef580c37babcd612443f7f460f056dc3ef96f887e474b87d38a944087f2250121f3d324454e8c853f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe

Filesize
468KB

MD5
44823797b07e838e4c669384729c70ce

SHA1
d142a9e6308bb408d03a62e54d269f411b8c480e

SHA256
ae4249304f9ee2728108f4700ca00d8cb46292fb204a4ee4c5ae0d36338bf30b

SHA512
7ce52b6716e770ca1f1713d339673d1640279b78333f8fbc544a79b7d623665b937252ddc916591d8b31f22fc747fade648d6be236710e8aa061427c31851c54

Download Submit
memory/12300-3595-0x0000000077970000-0x000000007797A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads