c45a3c3f0ea68f8671ae3e5b511680667e31a0406b9c72b37b849fe2ac8f37d1

Analysis

max time kernel
119s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b4f0e348a0845d5470de95eb5fca6d0N.exe
Size

468KB
MD5

9b4f0e348a0845d5470de95eb5fca6d0
SHA1

dbbb9049b8dc970849d07dfa7f3846b42bb3f676
SHA256

c45a3c3f0ea68f8671ae3e5b511680667e31a0406b9c72b37b849fe2ac8f37d1
SHA512

1f4dfe5651e06f1ae716dcc312cd2d5bf2bd7fe370626a68bca7ff4ae3936064347b732d2e9b7603db798e7c7e3c1adf444a848390fd388b2ef11ee6547f21b1
SSDEEP

3072:B1NfogCday8Unb/EPz5Fff1DfUWWI8zzmHe7VpInv2Pu3hfrhlVlz:B1hosLUnoP1Fff8xxsv2Pktrhl

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3668	Unicorn-45770.exe
2572	Unicorn-59174.exe
1536	Unicorn-43392.exe
3392	Unicorn-19294.exe
1188	Unicorn-34238.exe
3332	Unicorn-52058.exe
4120	Unicorn-58188.exe
888	Unicorn-59304.exe
1696	Unicorn-25816.exe
3756	Unicorn-19040.exe
1064	Unicorn-565.exe
5088	Unicorn-300.exe
1764	Unicorn-11426.exe
4884	Unicorn-31292.exe
2276	Unicorn-29245.exe
4876	Unicorn-7939.exe
728	Unicorn-39220.exe
4828	Unicorn-13969.exe
2736	Unicorn-44696.exe
784	Unicorn-34944.exe
3760	Unicorn-48680.exe
2796	Unicorn-26030.exe
3848	Unicorn-26035.exe
4104	Unicorn-43134.exe
5092	Unicorn-47218.exe
2248	Unicorn-27352.exe
1908	Unicorn-47218.exe
3916	Unicorn-51037.exe
4324	Unicorn-10361.exe
4492	Unicorn-62163.exe
3524	Unicorn-47218.exe
3484	Unicorn-29512.exe
2932	Unicorn-56709.exe
2084	Unicorn-17159.exe
4496	Unicorn-23290.exe
2924	Unicorn-47794.exe
4888	Unicorn-36096.exe
2772	Unicorn-55962.exe
2928	Unicorn-36096.exe
1268	Unicorn-31266.exe
1432	Unicorn-61992.exe
1068	Unicorn-60714.exe
2484	Unicorn-48105.exe
3920	Unicorn-60622.exe
1652	Unicorn-23674.exe
4332	Unicorn-3808.exe
1832	Unicorn-8322.exe
3020	Unicorn-27566.exe
1008	Unicorn-35739.exe
3676	Unicorn-44670.exe
2068	Unicorn-44670.exe
4732	Unicorn-48754.exe
4080	Unicorn-13943.exe
1420	Unicorn-45225.exe
4840	Unicorn-65090.exe
4312	Unicorn-49309.exe
3276	Unicorn-49309.exe
4392	Unicorn-34364.exe
1632	Unicorn-18582.exe
1456	Unicorn-32317.exe
4836	Unicorn-11540.exe
1132	Unicorn-63336.exe
3764	Unicorn-48946.exe
4760	Unicorn-49501.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
15348	13428	WerFault.exe	653
14112	13396	WerFault.exe	650

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9745.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16272	dwm.exe
Token: SeChangeNotifyPrivilege	16272	dwm.exe
Token: 33	16272	dwm.exe
Token: SeIncBasePriorityPrivilege	16272	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe
3668	Unicorn-45770.exe
2572	Unicorn-59174.exe
1536	Unicorn-43392.exe
3392	Unicorn-19294.exe
1188	Unicorn-34238.exe
3332	Unicorn-52058.exe
4120	Unicorn-58188.exe
888	Unicorn-59304.exe
1696	Unicorn-25816.exe
3756	Unicorn-19040.exe
5088	Unicorn-300.exe
4884	Unicorn-31292.exe
1064	Unicorn-565.exe
1764	Unicorn-11426.exe
2276	Unicorn-29245.exe
4876	Unicorn-7939.exe
728	Unicorn-39220.exe
4828	Unicorn-13969.exe
2736	Unicorn-44696.exe
784	Unicorn-34944.exe
3760	Unicorn-48680.exe
2796	Unicorn-26030.exe
3848	Unicorn-26035.exe
4104	Unicorn-43134.exe
3916	Unicorn-51037.exe
5092	Unicorn-47218.exe
4324	Unicorn-10361.exe
2248	Unicorn-27352.exe
3524	Unicorn-47218.exe
1908	Unicorn-47218.exe
4492	Unicorn-62163.exe
3484	Unicorn-29512.exe
2932	Unicorn-56709.exe
4496	Unicorn-23290.exe
2084	Unicorn-17159.exe
2924	Unicorn-47794.exe
4888	Unicorn-36096.exe
2772	Unicorn-55962.exe
2928	Unicorn-36096.exe
1268	Unicorn-31266.exe
1432	Unicorn-61992.exe
1068	Unicorn-60714.exe
2484	Unicorn-48105.exe
3920	Unicorn-60622.exe
4332	Unicorn-3808.exe
1832	Unicorn-8322.exe
3020	Unicorn-27566.exe
1008	Unicorn-35739.exe
4080	Unicorn-13943.exe
2068	Unicorn-44670.exe
1420	Unicorn-45225.exe
3676	Unicorn-44670.exe
1632	Unicorn-18582.exe
4836	Unicorn-11540.exe
4392	Unicorn-34364.exe
4312	Unicorn-49309.exe
4732	Unicorn-48754.exe
4840	Unicorn-65090.exe
3276	Unicorn-49309.exe
1456	Unicorn-32317.exe
1132	Unicorn-63336.exe
3764	Unicorn-48946.exe
3344	Unicorn-30472.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 3668	2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe	87
PID 2768 wrote to memory of 3668	2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe	87
PID 2768 wrote to memory of 3668	2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe	87
PID 3668 wrote to memory of 2572	3668	Unicorn-45770.exe	88
PID 3668 wrote to memory of 2572	3668	Unicorn-45770.exe	88
PID 3668 wrote to memory of 2572	3668	Unicorn-45770.exe	88
PID 2768 wrote to memory of 1536	2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe	89
PID 2768 wrote to memory of 1536	2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe	89
PID 2768 wrote to memory of 1536	2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe	89
PID 2572 wrote to memory of 3392	2572	Unicorn-59174.exe	90
PID 2572 wrote to memory of 3392	2572	Unicorn-59174.exe	90
PID 2572 wrote to memory of 3392	2572	Unicorn-59174.exe	90
PID 3668 wrote to memory of 1188	3668	Unicorn-45770.exe	91
PID 3668 wrote to memory of 1188	3668	Unicorn-45770.exe	91
PID 3668 wrote to memory of 1188	3668	Unicorn-45770.exe	91
PID 2768 wrote to memory of 3332	2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe	92
PID 2768 wrote to memory of 3332	2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe	92
PID 2768 wrote to memory of 3332	2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe	92
PID 1536 wrote to memory of 4120	1536	Unicorn-43392.exe	93
PID 1536 wrote to memory of 4120	1536	Unicorn-43392.exe	93
PID 1536 wrote to memory of 4120	1536	Unicorn-43392.exe	93
PID 3392 wrote to memory of 888	3392	Unicorn-19294.exe	98
PID 3392 wrote to memory of 888	3392	Unicorn-19294.exe	98
PID 3392 wrote to memory of 888	3392	Unicorn-19294.exe	98
PID 2572 wrote to memory of 1696	2572	Unicorn-59174.exe	99
PID 2572 wrote to memory of 1696	2572	Unicorn-59174.exe	99
PID 2572 wrote to memory of 1696	2572	Unicorn-59174.exe	99
PID 3332 wrote to memory of 3756	3332	Unicorn-52058.exe	100
PID 3332 wrote to memory of 3756	3332	Unicorn-52058.exe	100
PID 3332 wrote to memory of 3756	3332	Unicorn-52058.exe	100
PID 4120 wrote to memory of 1064	4120	Unicorn-58188.exe	101
PID 4120 wrote to memory of 1064	4120	Unicorn-58188.exe	101
PID 4120 wrote to memory of 1064	4120	Unicorn-58188.exe	101
PID 1536 wrote to memory of 1764	1536	Unicorn-43392.exe	103
PID 1536 wrote to memory of 1764	1536	Unicorn-43392.exe	103
PID 1536 wrote to memory of 1764	1536	Unicorn-43392.exe	103
PID 2768 wrote to memory of 5088	2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe	102
PID 2768 wrote to memory of 5088	2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe	102
PID 2768 wrote to memory of 5088	2768	9b4f0e348a0845d5470de95eb5fca6d0N.exe	102
PID 1188 wrote to memory of 4884	1188	Unicorn-34238.exe	104
PID 1188 wrote to memory of 4884	1188	Unicorn-34238.exe	104
PID 1188 wrote to memory of 4884	1188	Unicorn-34238.exe	104
PID 3668 wrote to memory of 2276	3668	Unicorn-45770.exe	105
PID 3668 wrote to memory of 2276	3668	Unicorn-45770.exe	105
PID 3668 wrote to memory of 2276	3668	Unicorn-45770.exe	105
PID 888 wrote to memory of 4876	888	Unicorn-59304.exe	107
PID 888 wrote to memory of 4876	888	Unicorn-59304.exe	107
PID 888 wrote to memory of 4876	888	Unicorn-59304.exe	107
PID 3392 wrote to memory of 728	3392	Unicorn-19294.exe	108
PID 3392 wrote to memory of 728	3392	Unicorn-19294.exe	108
PID 3392 wrote to memory of 728	3392	Unicorn-19294.exe	108
PID 1696 wrote to memory of 4828	1696	Unicorn-25816.exe	109
PID 1696 wrote to memory of 4828	1696	Unicorn-25816.exe	109
PID 1696 wrote to memory of 4828	1696	Unicorn-25816.exe	109
PID 3756 wrote to memory of 2736	3756	Unicorn-19040.exe	110
PID 3756 wrote to memory of 2736	3756	Unicorn-19040.exe	110
PID 3756 wrote to memory of 2736	3756	Unicorn-19040.exe	110
PID 3332 wrote to memory of 784	3332	Unicorn-52058.exe	111
PID 3332 wrote to memory of 784	3332	Unicorn-52058.exe	111
PID 3332 wrote to memory of 784	3332	Unicorn-52058.exe	111
PID 2572 wrote to memory of 3760	2572	Unicorn-59174.exe	112
PID 2572 wrote to memory of 3760	2572	Unicorn-59174.exe	112
PID 2572 wrote to memory of 3760	2572	Unicorn-59174.exe	112
PID 5088 wrote to memory of 2796	5088	Unicorn-300.exe	113

C:\Users\Admin\AppData\Local\Temp\9b4f0e348a0845d5470de95eb5fca6d0N.exe
"C:\Users\Admin\AppData\Local\Temp\9b4f0e348a0845d5470de95eb5fca6d0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58266.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        10⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
        11⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        11⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        10⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        10⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        9⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        9⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        9⤵
        
        PID:17032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        8⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        9⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        10⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59221.exe
        9⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        9⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        8⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        9⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
        9⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        8⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        7⤵
        Executes dropped EXE
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        9⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        10⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        10⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        10⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        9⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        9⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        9⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
        9⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
        8⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41135.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        8⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
        9⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        8⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        8⤵
        
        PID:19652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        7⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7972.exe
        8⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        7⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
        7⤵
        
        PID:17980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13149.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:19784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        9⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        8⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
        8⤵
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        9⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        9⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        8⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        8⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        8⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        8⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16653.exe
        7⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        7⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
        6⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        8⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        9⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        8⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5332.exe
        8⤵
        
        PID:20068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        7⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        7⤵
        
        PID:19960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
        6⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        7⤵
        
        PID:20052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42808.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        6⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20134.exe
        6⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23290.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        10⤵
        
        PID:15308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        9⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
        9⤵
        
        PID:20388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
        8⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe
        8⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        8⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
        8⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        9⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        8⤵
        
        PID:19504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48348.exe
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:19644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35706.exe
        7⤵
        
        PID:15904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        6⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        9⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34834.exe
        9⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        8⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        8⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
        8⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
        8⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
        7⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        7⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52266.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        7⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60079.exe
        7⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51473.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
        6⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
        6⤵
        
        PID:20076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17159.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        8⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        8⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        8⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        7⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
        8⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        8⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        7⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        8⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        8⤵
        
        PID:19636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        7⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        7⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
        6⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        7⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        7⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47301.exe
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        6⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41458.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
        8⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
        8⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        7⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        7⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49387.exe
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        7⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        6⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        7⤵
        
        PID:17412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        6⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
        5⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        6⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        5⤵
        
        PID:20036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25816.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        7⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
        8⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
        9⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        10⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        10⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        9⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe
        9⤵
        
        PID:17976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        9⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15041.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        8⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        8⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
        7⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
        8⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        8⤵
        
        PID:20428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        7⤵
        
        PID:15796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        6⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        8⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        9⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30606.exe
        8⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        8⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4107.exe
        7⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        8⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
        7⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16524.exe
        7⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
        6⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        6⤵
        
        PID:19852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        6⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        9⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
        9⤵
        
        PID:20064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        8⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        8⤵
        
        PID:20444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
        7⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
        7⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        7⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        8⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
        7⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        7⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        7⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        6⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        6⤵
        
        PID:16968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
        5⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        8⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        6⤵
        
        PID:18424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        6⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        7⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        7⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        6⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61282.exe
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        5⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
        5⤵
        
        PID:19936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        6⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        8⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
        9⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        9⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        8⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        8⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe
        7⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        7⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        7⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
        8⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        8⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        7⤵
        
        PID:15432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        6⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        6⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4997.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        7⤵
        
        PID:15456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
        5⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        5⤵
        
        PID:17080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        5⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        7⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        8⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        8⤵
        
        PID:20408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        7⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
        7⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        7⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        6⤵
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        6⤵
        
        PID:15728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
        5⤵
        
        PID:20004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
      4⤵
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        6⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        7⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
        6⤵
        
        PID:20136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        5⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        5⤵
        
        PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29047.exe
        6⤵
        
        PID:16560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        5⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        5⤵
        
        PID:20336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
      4⤵
      PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
      4⤵
      PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40097.exe
      4⤵
      PID:15940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        8⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
        9⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13837.exe
        9⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
        8⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
        8⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        8⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        7⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
        7⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe
        6⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
        8⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
        7⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        7⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        6⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        7⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        6⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37844.exe
        6⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        6⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        7⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        7⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        7⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        6⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
        7⤵
        
        PID:16008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        6⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
        5⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        5⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65090.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
        8⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        7⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        6⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41875.exe
        7⤵
        
        PID:17128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4107.exe
        6⤵
        
        PID:17208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        7⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        6⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        6⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        5⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        6⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
        5⤵
        
        PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        5⤵
        
        PID:20276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
      4⤵
      PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
      4⤵
      PID:10636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
      4⤵
      PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
      4⤵
      PID:16480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        8⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
        8⤵
        
        PID:19832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        7⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4613.exe
        7⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        7⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        6⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        7⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        7⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30515.exe
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
        5⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        6⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        5⤵
        
        PID:15692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60404.exe
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30144.exe
        6⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        7⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        6⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        6⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        6⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
      4⤵
      PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        5⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        6⤵
        
        PID:20252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        5⤵
        
        PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
      4⤵
      PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        5⤵
        
        PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
      4⤵
      PID:11304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1426.exe
      4⤵
      PID:15968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        8⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        8⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        7⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
        6⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        6⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
        6⤵
        
        PID:20008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18901.exe
        5⤵
        
        PID:14860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        5⤵
        
        PID:17016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30144.exe
        5⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        6⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        5⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
        5⤵
        
        PID:16180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        5⤵
        
        PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
      4⤵
      PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
      4⤵
      PID:15888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35739.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        6⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        7⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        6⤵
        
        PID:13192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26630.exe
        6⤵
        
        PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        5⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        5⤵
        
        PID:16280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
      4⤵
      PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        5⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        6⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        5⤵
        
        PID:17756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
      4⤵
      PID:4328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
    3⤵
    PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        5⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:20096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        5⤵
        
        PID:12800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
      4⤵
      PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
      4⤵
      PID:19864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
    3⤵
    PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
    3⤵
    PID:10224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9101.exe
    3⤵
    PID:13664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
    3⤵
    PID:17704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        7⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1385.exe
        9⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54722.exe
        10⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
        10⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        9⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        8⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        8⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5067.exe
        8⤵
        
        PID:19996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        8⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
        8⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        8⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49630.exe
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        7⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49360.exe
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        7⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
        7⤵
        
        PID:20340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16854.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        6⤵
        
        PID:13152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        6⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        7⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        8⤵
        
        PID:13428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13428 -s 436
        9⤵
        Program crash
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        8⤵
        
        PID:20260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        7⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        7⤵
        
        PID:15504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        6⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        7⤵
        
        PID:19600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35894.exe
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        8⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        7⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        6⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
        5⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
        6⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55660.exe
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        5⤵
        
        PID:17692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46377.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        6⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        7⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        5⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        6⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        6⤵
        
        PID:15496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        5⤵
        
        PID:15232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        5⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        6⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
        7⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
        5⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        5⤵
        
        PID:19692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        5⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        6⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        5⤵
        
        PID:16252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
      4⤵
      PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        5⤵
        
        PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34544.exe
      4⤵
      PID:11256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
      4⤵
      PID:16248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51961.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37042.exe
        8⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
        8⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        8⤵
        
        PID:19608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
        7⤵
        
        PID:17732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe
        6⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        6⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        7⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3746.exe
        7⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        7⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34332.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        6⤵
        
        PID:14636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        5⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        5⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
        5⤵
        
        PID:17720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51961.exe
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
        6⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        6⤵
        
        PID:20108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10989.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        5⤵
        
        PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
      4⤵
      PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        5⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        6⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35706.exe
        5⤵
        
        PID:16104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
      4⤵
      PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
      4⤵
      PID:13900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
      4⤵
      PID:15644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34364.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        6⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        5⤵
        
        PID:15840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        5⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        6⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
        5⤵
        
        PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
      4⤵
      PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
      4⤵
      PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
      4⤵
      PID:16148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11540.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
      4⤵
      PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        5⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        6⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35292.exe
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        5⤵
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
      4⤵
      PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        5⤵
        
        PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
      4⤵
      PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
      4⤵
      PID:15512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
    3⤵
    PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
      4⤵
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
        5⤵
        
        PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
      4⤵
      PID:11052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
    3⤵
    PID:8052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
      4⤵
      PID:13388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
      4⤵
      PID:6392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
    3⤵
    PID:11792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
    3⤵
    PID:15932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        6⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
        7⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe
        9⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        9⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
        8⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48648.exe
        8⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
        8⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
        9⤵
        
        PID:19512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42783.exe
        8⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        7⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
        6⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        8⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12519.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        7⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        7⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        7⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        6⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        5⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        8⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        9⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        8⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22852.exe
        8⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        7⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        7⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        7⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
        7⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
        7⤵
        
        PID:19496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6817.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        6⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
        6⤵
        
        PID:11536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        6⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        5⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
        5⤵
        
        PID:17060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        5⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50428.exe
        8⤵
        
        PID:17656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        7⤵
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49387.exe
        6⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        7⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        7⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
        6⤵
        
        PID:19796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12464.exe
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        5⤵
        
        PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        7⤵
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        6⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
        5⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        5⤵
        
        PID:16304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        5⤵
        
        PID:19588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
      4⤵
      PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
      4⤵
      PID:15192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
      4⤵
      PID:15784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18298.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        7⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27406.exe
        7⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        6⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        7⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10107.exe
        6⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        
        PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        5⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60586.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        6⤵
        
        PID:16932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-238.exe
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        5⤵
        
        PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        6⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        5⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
      4⤵
      PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        5⤵
        
        PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25902.exe
      4⤵
      PID:15244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
      4⤵
      PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
      4⤵
      PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48920.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        7⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        7⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13616.exe
        5⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        6⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16355.exe
        5⤵
        
        PID:11284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
        5⤵
        
        PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        5⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
        5⤵
        
        PID:19740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
      4⤵
      PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe
      4⤵
      PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
      4⤵
      PID:14300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
    3⤵
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        5⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:19660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53061.exe
      4⤵
      PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
      4⤵
      PID:16288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
    3⤵
    PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
      4⤵
      PID:13396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13396 -s 460
        5⤵
        Program crash
        
        PID:14112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
    3⤵
    PID:10724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
    3⤵
    PID:2148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26772.exe
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        7⤵
        
        PID:19488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        6⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23564.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
        6⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        6⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
        6⤵
        
        PID:19748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        6⤵
        
        PID:20436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        5⤵
        
        PID:14860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        5⤵
        
        PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        6⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        7⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        6⤵
        
        PID:19968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        5⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54748.exe
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
        6⤵
        
        PID:19988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
        5⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        5⤵
        
        PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25623.exe
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        5⤵
        
        PID:12320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21184.exe
        5⤵
        
        PID:17956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
      4⤵
      PID:7524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3223.exe
      4⤵
      PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
      4⤵
      PID:5448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3808.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12381.exe
      4⤵
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        5⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        6⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        5⤵
        
        PID:17672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
      4⤵
      PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        5⤵
        
        PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
      4⤵
      PID:11168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
      4⤵
      PID:16080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57398.exe
    3⤵
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        5⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        5⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        5⤵
        
        PID:20420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
      4⤵
      PID:9432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
      4⤵
      PID:13924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19510.exe
      4⤵
      PID:20400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
    3⤵
    PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33394.exe
      4⤵
      PID:9316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
      4⤵
      PID:5144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
    3⤵
    PID:10340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
    3⤵
    PID:14444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
    3⤵
    PID:15744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
    3⤵
    - Executes dropped EXE
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        6⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
        6⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        5⤵
        
        PID:512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
      4⤵
      PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
      4⤵
      PID:17440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
    3⤵
    PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
      4⤵
      PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
      4⤵
      PID:13024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
      4⤵
      PID:17524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
    3⤵
    PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
      4⤵
      PID:10136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
      4⤵
      PID:3208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
    3⤵
    PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
      4⤵
      PID:16020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
    3⤵
    PID:15988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8322.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8322.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
    3⤵
    PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33892.exe
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
        5⤵
        
        PID:19772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
      4⤵
      PID:10228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
      4⤵
      PID:16296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
    3⤵
    PID:7404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27338.exe
      4⤵
      PID:11684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
      4⤵
      PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
    3⤵
    PID:10672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
    3⤵
    PID:16064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
  2⤵
  PID:5332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
    3⤵
    PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
      4⤵
      PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
      4⤵
      PID:1648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
    3⤵
    PID:11860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
  2⤵
  PID:7544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
    3⤵
    PID:11532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:17092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
  2⤵
  PID:10796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51372.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51372.exe
  2⤵
  PID:16032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 13396 -ip 13396
1⤵
PID:13888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 13428 -ip 13428
1⤵
PID:15212

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe

Filesize
468KB

MD5
92d927e1fb1396298bb4566be070de5d

SHA1
dab83ddb5bb19182155cee0a24757de2ed6f69a2

SHA256
e553bb8b9ead9a8c6ddf2a52dded13f3f4c6f53a793d7020fb9f7b4a8d2ba54a

SHA512
2c51fa8683833558515e08ae5c0a32b8f4fb7e07d39ddf3e4c890a6e593d04db88b85d3b040fab92551c956623159315adee386ded5510843707dacd1194922d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe

Filesize
468KB

MD5
bd844997477443b154302d960853575e

SHA1
67941b5d385e9c1118177ad19649ab8651ae1608

SHA256
a8bd73cb3e1ccc2d69ff0733f09598436f670c3a725dace117719d7dd03c7c4a

SHA512
060f62e5970700e9cfa3b0f1bd8f879e89d2f9e5e8fd28da5ec7b9f18db7182380fe6b77456a35e9be80c2d76d478a190414f0d08537cd4497627674d7f38798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe

Filesize
468KB

MD5
d1037c0619b69e15bda652e495aa5479

SHA1
dbf8e9b03965be3f165330f78f63b6cf56aa451d

SHA256
32a59b1c3c2ada042eb1ef375ca75e95cd00a20d2b7d60652bc5101b1c1693e6

SHA512
bc87c6da33f9f743e40167064e2a42a1b3b6905b30242fec34ad37358d2307e55100dd8f1a57a6b6876486d1d18364d87f597bdfb53f16f3347845a0301f144e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe

Filesize
468KB

MD5
72950a5ee6d92e0089be31c8c5d4ffa7

SHA1
5f03466179f6f593445cdb89e4041cfbf833149f

SHA256
117f68ddd0ce85a7c0d09a547ed36e49584702ed1cb66d5033136043208fbcfc

SHA512
8bdbb69351275dd28c80e7bbb44f7758a973ab89fb54a38a8b476636176e571d961e5dc0be3436d4c4c7920b19f1b2c2faaface50d495f401cec6df8d118c564

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe

Filesize
468KB

MD5
9b7a74217bdee4195fbbbb129cf2df3f

SHA1
853804261f642186b2c8e9098c856ce1a7cd3880

SHA256
90964b41e36a430ff832fb977cdd08998bf9391211a85a066207f4e46e492e11

SHA512
dc0254de482e49764f1f268dc460971eb50f11b69e3efbf5e562eb93769f36761cd3a523801b640105c506993f66530b6564033cc1c8fd0e93ca9d8b6b915788

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25816.exe

Filesize
468KB

MD5
e1af74c1aacb1afbd34c8aeb735da60a

SHA1
dc979c82491d4c031057c5b0fbc227c8b1dc0b90

SHA256
88bf2674fc8345fc9e16b80db955d479c484e16ee8d02ba6585ca9570ea0c8e4

SHA512
663db3606bf975a66c0cc6fe15ab8a38049f290d1edc890b302764a8219ad69c3f02c699451f4e2fc255d1d28e023a329e67c09a0f55e49e5a2e4ed4a8ac653c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe

Filesize
468KB

MD5
1791fbe16ffc68cf2c5b2a0aaf896f40

SHA1
ed12e66764e745e080f226434197f49fb9642bd0

SHA256
04e0adba34b5fd1db2ad85a7ad39bbede46935c650316fa10d4c3f8d3879e337

SHA512
e5378fc86eeb5c408c1f0f015bb6b344bf2b1e93e6169f60e1dda81bb1acd9265cc974c9e6e9f02cc26e8651ef699e20ada6e656dec345f192ef56f505eaf59b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe

Filesize
468KB

MD5
f8327a5aedbe4503c3c4b40c79750be4

SHA1
7d3501e4d40f5e23e81c13ddc34780c7d8e08388

SHA256
b6d11745ad9a4e1f8673823b397aa07d1e90381d4ba89054e76f6e4b9c3fe77b

SHA512
ddf5c7ec0dce5fde4ee04ab8866206643977d8bc0c08a03239edd082b6ba072d912b14960e70aaa813e488411ce93f079e5ed7700ffbcbc3c8c3714cf7ea648d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe

Filesize
468KB

MD5
3f83c0b2b37cbc6c93d4682683d74b1b

SHA1
9f8b90a69d1259ddf0b41b90eff2e1af226d7726

SHA256
e0e036c4e2793003e1eacb0f76a36c793173ce3e803ce3fab29ccb03a0d3d2ff

SHA512
01ffdbcc12b2e8dffdac5c2f3ca6f383f7985f6b8b881d26349dc4822881b151195e85aa2a2996d7537ecabcf3fdcd103611b06b30553ad82f2428e06847d6fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe

Filesize
468KB

MD5
da0ac75519e14fa6b850ca4a027f3dee

SHA1
9e9c88e96a65ace6c2a019f41d76598c54082406

SHA256
62085df678c17a0886944008ca1b88c8f1f51598427a6bb348fc9c481e06ac04

SHA512
139f3c18e5d8ed1109c97f3c9b7fdd9294d56c872c8b29910ecee8658a7698f1688f5601487befa1e134b904a293af19861cc4fc6be12e6a5b9a68700b25bfc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exe

Filesize
468KB

MD5
38c9d9cb60e03105ef255cf939e13f59

SHA1
7a93d79aea9b193673899fc34af153fffafd5190

SHA256
22ff5b1e09d8d923bd8706414abc4bcf15d12be69e004179b160edf8591f6759

SHA512
09519f5b19ba214ee7e9c460e95f2d4846c7d738425811f4523aea72e314d872c72cda620de36e74ad3b6f12be39f95645e9fd3e60b655ad81c1c721eeae9abf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe

Filesize
468KB

MD5
13e6e0d3bc7e8e0b7caf9bfa55dcb3c4

SHA1
058db2fa02e488c0291fda653b98d346aca22f98

SHA256
cd872409554b1dfaa10f1a9577c1bac3c887cb62e3a8ffa93ab5ebe822442d9d

SHA512
44f6fe8fd6336812647643995ea0fe102529c1c821ebfc073e4fa5c9098969b31390381c4178e4f717e5d34f82e89f8c1327585af1f1f3171acf2961b2ebd74c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe

Filesize
468KB

MD5
5eeb330e1cd7490175df8d87855b450e

SHA1
9c7687aa010fa67dfddb2115db48dbe840045519

SHA256
b43ab17e676a45db9887266f0428f1efbfd3d87af36f5b8f37a0c718db020e02

SHA512
4fc03e436c14d45db671ef13c8150638154e7f5a17ea6c87b5620bb66cd1af4be4ea862c768e1d71e4a8f8d967e91650ff5051693d7f7bf2dd6c527f9dd3a579

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe

Filesize
468KB

MD5
fd6c295fa66df0ae332f36747f6409e8

SHA1
fcbaddcecd389abdab8827a5e80037bbc69b052a

SHA256
624c8a2258d787a58a52349e378702035c95fcfb33bba6cb59fd5236fc31b80e

SHA512
9ff74945aa33ad03708407c6afd2a2fe7044f7f5b69da2e4e964964b44b647a7f5f4bb940b63496bc1efebf102d36f2133103094ddf86c51040b0e9e9a4e9c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe

Filesize
468KB

MD5
0daa457fc188b6a92e4517bf1293685e

SHA1
0caf84429bf29ff1323b0d480903d4df480c360a

SHA256
c88def92ccb6d990b9c7707341914681c8a65b754b2a920a847426d0795f2f0f

SHA512
d86d2851b9054ac826f390adb8ec50575b1cfd118875cf4f37ebda857ebdfc926d31b7553dd7ad27ae3e49ef51404f204f6afcdb1aaac8179c5e6aafef54ecdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe

Filesize
468KB

MD5
b7d50ffb4c424120a2b34e8a5062df4a

SHA1
ab00ff3db82fa5dd36b63ef868a064008c1c2ec7

SHA256
6115b1b8c0aa0d3dc01a7adb82e2b461d5b0975e2b88d281c3512f6385e0d437

SHA512
66ba00297bcd619ad0bf3301d01fcb45bd2d9b630c173a418bb2766f6a0a716128082d1c10e227d9f54648d904af0aa8d0b338170de933e2fe4630a1d7f866f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe

Filesize
468KB

MD5
d2662fada6f6c27c3d2cc3e51058fc9d

SHA1
ebc3e020453f9ff1d2eccd973efa5a613bc18072

SHA256
51c1dbb638fe8799b6120ba7510568454d9e38e8eee3a46d7c5acb34667c2f40

SHA512
c4ea3c4f6f8fbc9dcfb57f1050e207b7d3674a59ef44b5a4391fa2592f62ce49e147b56fec926f4305e7c3eb64aad88e553e50cfd6e5f8ec99c70efb8382461d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe

Filesize
468KB

MD5
e89bd82eaa9ee457c547bbd30464bfb9

SHA1
693a5e2ece48fbc287372f2dddc39b6e9eeac9b6

SHA256
df3b1ac0c14ea12db574df097f42ab758211cc91e601f8d8972904b7edb53934

SHA512
91232e2cf5d8e14a7b71dba542711520e0fd24d869b1feea431bfe75957badf32f6c4d49894ac8e279a841d1c981a4d53fafbd614929c10b06c797f399aaeed0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe

Filesize
468KB

MD5
94bf4e1aed68f7d2f18d0f6a8e2f5441

SHA1
6e14775fd20650b41b0329e36aa981e6cee5ff1a

SHA256
9ca30b76bcdbcfe97629294ac34b5cf4936d3322632be67c0e7b2d3980cad5a8

SHA512
415cea310ce9e751e2084ac39d070592a1c89de65dc65b81f8c7fc92bb58272cce40582003e82f0d1e98913d2fe06d4095b04a64b54674cca9ab8a5aa1a91f6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe

Filesize
468KB

MD5
c5ec4373bc116affccaf199af32ce1f5

SHA1
893b26580b065c7c91f16971f8f77856d9ec536e

SHA256
ae6e3807c6d53ee58e8a623ac8c6d42ea93f550dc1f96b55a52e69733acc9efc

SHA512
c62a0941a45cb97b5499e0186aa0fbe6012e464eaa1159ac30ad2da428caeefc94495cace5aa2fb3decd920470e1027b83bd7d2e3f4956ddc36c5a8fdaf8f76a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe

Filesize
468KB

MD5
05962ad12068fccae6d55af81af270eb

SHA1
752d86e5172c9ed54f0e7b3411a0ce63d478f57b

SHA256
e3a9acdc6d9c4051f3cca6e97416e4ffbb213ef0a4b3778964fbc106cb260faf

SHA512
779e1f2e06d99b1252bf2ab640fca56d6b582a7fdb38e57e3b28436c50e69a87d81c3031f1ed24c585f89aaf9632630dde2e85b5038b962ba417a695fd09ec02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe

Filesize
468KB

MD5
c322bd2375b1cf14d77e1cff10af8954

SHA1
8882fc85625bd8635aa0239db60050dd9cdbc68b

SHA256
a37a5f74c474d6e063bf9d29bcbc1b6c3efdcc7d8e1476088d26d993044950cd

SHA512
64024b106c40ce706d86f8e15ed760e824ef9f713beb37fd650f69deb3555eedbb9fa45b0b1a410ca7d71404d671bee0152f48eb84bbd40231dddd8f500c492e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe

Filesize
468KB

MD5
04c19572b34981ce3830ca4d67087e81

SHA1
e3a279479188857885d1d1b53e2c91f8166976d0

SHA256
c967757f3e173a2b9aea7f0517087ee22c5723b106225a3e9ad174a5da5881d3

SHA512
bb67e1132145949c004b4b7bf35ea19563abc78f79d07af2360447759b392e627125200b77ab0009708f378ed73bcb508d6f737aa4f53ae9aed9e04ae3e1cba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe

Filesize
468KB

MD5
da0f78849472695dc43bc55cfc7f9ce2

SHA1
0649578f2a2c3cd3fa5953b4eabdfea6435d732e

SHA256
91d64fa1b154d5d66266144b0548fdb6bd98d5b32b4a786228f3125ed317a91b

SHA512
72a38a9e7ff46821b5d1ae71a2c4839a4be03e7997e4bf120897805c31d44560a3dfd25056d7c6230065d027139028fa3f63c94f3cc67b9a7f880dc907f12118

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe

Filesize
468KB

MD5
c19885c65da6903e1fd18544ab3be073

SHA1
e52f1e7faf4c040b7d053a9cd042a4322f138c57

SHA256
1428118fce84d34d84fd6c571c452d9078ef61375f8ef4739bc6f71ccdead7ae

SHA512
554354e57b4021465b5e430bb331beaf52ff697a3e7631570b0345f46f0c6ac136d3804244f8e7db27fbfb9bcaa699babcff77857e244f979952ea7c5bcaa75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe

Filesize
468KB

MD5
5971e921d3dce719523ed96af2276293

SHA1
b450ff049950fc3cce24c878b1fea92f0945e39b

SHA256
3098639005caaf59d3105922d0e321d539e7deee5a52dfa025c119f3744b6f3b

SHA512
29480a0f45244a8f06b14d724ba3cffc9727c1fcfaee137115028de6d5b4e72f850016142b9647118d1da05e0a4d7e237933657406d81b3c5ce3e6b1cf57f174

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe

Filesize
468KB

MD5
7d2960faeeab3800e99726e365792baa

SHA1
17bdb760222a819a6c36347749b181b96576e4e6

SHA256
08a46650e0e57cb514268cc5042bf48c1e6b377edf7ac55d8244bbf797cc475e

SHA512
a466641e17076cb5a8a54e6400d027fac67246e06780a51cfe9f0ecdf556f7ae4e6ee7ef4910918c13eb7c194a6368ab84e4fec5e54196861fd353e0c3486516

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe

Filesize
468KB

MD5
fd2073d4faab837fd729b6b2a4245b34

SHA1
b225b02d94b7727ecbcf42e58d45649818b003bc

SHA256
053e45ae13ac2b7f30c123d7c4977b246e4f3b89527a82a74491be8b75e49cff

SHA512
a86d28c2ae532b8d922020a666214980631409aafa20e22f91e2ac46e6eb1d3c0d0ba912d8c8e7487052e737c7e975b4d571d3b3631b19d6c055684d29bba9f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe

Filesize
468KB

MD5
d9700a5bb78636acd0b09273bd702883

SHA1
be5e6725957a80b1c1bb41536a5764adb66d42f6

SHA256
779df3fb99c9bc966f8131094dd238a0b4bacf9a88e7b49c0c1e240982addcd9

SHA512
16d984b9ba7dcd6311aaa03f0ad608caa206e1390d37621a6a95c5fb47be50c49325c0bd6eb0877b73b1ac39ed8824f81c7c4df75df26b6e0f58e0315c2bd8bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe

Filesize
468KB

MD5
eed100d6d7204a7909fb325b7bae8804

SHA1
98e8fb942df670e356b011fbfa1d135df0b84009

SHA256
14b3d88027f87195b9d6a2daf19c63fbfc6572f5d5e0d5cb79b16e246cf2c684

SHA512
a74661bde0ee47739b42b778ff5bfea5ad2d7ef4187fab324ef5bc3aac984897413d92c1f486be5ae47d503ff0a427a09d2f54a2fd42dcc5013629cba952b384

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe

Filesize
468KB

MD5
a0762dc7bdd95b6b1729d1415156972e

SHA1
c88b4ba5c3dc5aaf80ed71c304318176267e4084

SHA256
0603f78800cc975d9ab1e4a27bb4e2986fabd1f763160e505f0b272b9b25f1c6

SHA512
7de46178ab84e8129b1cfcc1a5b44bf2362d59b7f36042a78e12fbb8232ed7376330f53bff89cfa8c6491ec716235c61f2080ad3a91fb6d1b50649565865317d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe

Filesize
468KB

MD5
eea0799314245ab5d569b34c7aad66a8

SHA1
6736769e266d6aa2d95516dedc56e2c681a59f5d

SHA256
99fc770082f090ef5f841d453a305419650f660562ed37114ab7368e4f813a26

SHA512
419beaed5ddfb880ad211a09721f328b78532d8bf235408f6c81e845a0b078c413ff35f21caa63b560cae509d8bb165eaf9abd47fae2cdf26bf3d20c2812d81e

Download Submit
memory/208-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/728-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/784-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/888-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1008-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1028-470-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1060-453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1068-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1132-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1188-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1268-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1420-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1432-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1456-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1532-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1536-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1632-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1652-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1696-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1764-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1832-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1900-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1956-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2084-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2176-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2276-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2316-475-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2352-474-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2484-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2572-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2576-472-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2736-131-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2768-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2772-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2796-154-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2796-2388-0x00007FF906300000-0x00007FF906359000-memory.dmp

Filesize
356KB

Download
memory/2924-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2932-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3020-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3332-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3392-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3404-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3472-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3484-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3648-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3668-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3676-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3756-70-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3760-143-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3764-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3820-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3824-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3848-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3916-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3920-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3948-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4080-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4104-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4120-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4312-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4324-194-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4332-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4344-471-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4392-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4496-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4512-450-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4732-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4760-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4828-127-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4836-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4876-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4884-94-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4888-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5088-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5092-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5188-489-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5224-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5244-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5256-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5332-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5344-499-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5360-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5376-487-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5392-501-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5544-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5664-556-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5724-557-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5736-558-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5748-559-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5764-560-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5784-561-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5816-562-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5824-563-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13876-2613-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14544-2500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14592-2577-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14636-2506-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14860-2614-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads